Euler Finance hacker wallet sent 100 ETH to Lazarus Group address

The Euler Finance hacker wallet sent 100 ETH to the Lazarus Group address linked to attack on the Ronin network in March 2022. Lookonchain experts said.

Euler Finance Exploiter transferred 100 $ETH to Ronin Bridge Exploiter(stole 173,600 $ETH and 25.5M $USDC).

Ronin Bridge Exploiter was listed by #OFAC as Lazarus Group – the North Korean state hacking group.

Are the two hackers the same person or was it intentional? pic.twitter.com/aPzOkSlXb6

— Lookonchain (@lookonchain) March 17, 2023

In April 2022, the U.S. Treasury’s Office of Foreign Assets Control added the hacker group, reportedly linked to the North Korean government, to the sanctions list. Chainalysis analysts confirmed that the address named by authorities was involved in the Ronin hack. The incident, with damages of about $625 million, was the largest for the DeFi sector.

In June there was a attack on the Horizon cross-chain bridge of the Harmony protocol for $100 million. The FBI accused of the hack North Korean groups Lazarus and APT38. Analysts at Elliptic had previously reached the same conclusion.

In March 2023, the attacker illicitly withdrew assets worth more than $196 million from the Euler Finance DeFi platform.

Lookonchain experts noted that the transaction between the exploit wallet and Lazarus does not necessarily indicate their identity. The hacker could have carried out the transfer deliberately to mislead investigators. 

Euler Finance staff after the incident blocked the vulnerable EToken module, reached out to law enforcement and to Chainalysis and TRM Labs for assistance in the investigation. The project demanded that the hacker return 90% of the stolen funds. The company warned that, should this not happen, a reward of $1 million would be offered for any information leading to his arrest.  

A few hours after the proposal, the hacker sent cryptocurrency worth about $2.5 million to the mixer Tornado Cash. However, he responded to a request from one user to return the lost 78 ETH. The latter called the funds ‘vital savings’. In response, he received 100 ETH.

The CEO of Euler Labs, Michael Bentley, described the days after the protocol’s exploit as ‘the hardest’ of his life. He said he would ‘never forgive’ the hacker for depriving him of time with his newborn son.

The time immediately after an attack is crucial and I’ve done everything I can to support the recovery process. I’ve had to sacrifice time with my newborn son. I’ll never forgive the attacker for that, but they can put things right and return funds to the EulerDAO Treasury ASAP.

— Michael Bentley (@euler_mab) March 16, 2023

Bentley confirmed that the protocol’s code has undergone ten audits over two years of operation. Experts Halborn, Solidified, ZK Labs, Certora, Sherlock and Omnisica found no issues during their checks.

«Euler всегда был проектом, ориентированным на безопасность», — заверил глава компании.

He reminded of the $1 million reward for information about the attacker.

Today the Euler Foundation is launching a $1M reward in the hope that this provides additional incentive for information that leads to the Euler protocol attacker’s arrest and the return of all funds extracted by the attacker.

— Euler Labs (@eulerfinance) March 15, 2023

In 2023 alone, Binance and Huobi froze and restored access to $2.58 million in Bitcoin linked to the Harmony hack. Norwegian authorities seized $5.9 million stolen from Ronin.