In a message sent directly on-chain to the Euler Finance address, the protocol’s hackers said they were ready to talk. Is this a sign that the funds will be returned soon?
Euler Finance hackers contact the protocol
Last week, the decentralized finance (DeFi) protocol Euler Finance suffered the biggest hack of 2023 with a theft of nearly $197 million. Since then, the protocol’s teams have been hard at work trying to recover what was stolen, and a $1 million bounty has even been offered for anyone with information crucial to solving the investigation.
Michael Bentley, CEO of Euler Labs, took to Twitter to describe the event as one of the most difficult days of his life, and that he had to “sacrifice time with [his] newborn son,” something he could not forgive the hacker for:
The time immediately after an attack is crucial and I’ve done everything I can to support the recovery process. I’ve had to sacrifice time with my newborn son. I’ll never forgive the attacker for that, but they can put things right and return funds to the EulerDAO Treasury ASAP.
– Michael Bentley (@euler_mab) March 16, 2023
In spite of everything, the hacker, or rather “the hackers” seem to be right, because in a concise message sent via an on-chain transaction on an Euler Finance address, they indicate that they wish to start discussions:
We want to make this easy for everyone involved. No intention of keeping what is not ours. Set up secure communication. Let’s come to an agreement. “
For their part, Euler Finance teams responded Monday evening and said they were ready to talk too:
” Message received. Let’s talk privately on blockscan via Euler Deployer and one of your EOAs, via signed email messages to [email protected], or any other channel of your choice. Respond according to your preference. “
As of this writing, there did not appear to be any new public exchanges between the two addresses involved. If discussions are currently taking place, they are indeed in private.
A long audited protocol
Sometimes, DeFi protocols are light on security for their smart contracts, which obviously facilitates attacks. However, Euler Finance did not fall into this category. On the contrary, the protocol underwent ten security audits, carried out by six different companies:
Euler in particular had 10audits from 6 different firms, including a frontend audit which I’ve never seen in a defi protocol. It looked super solid.
And most of these auditors already run automated scans through the code to find some of the most common stuff. pic.twitter.com/vNb931dval
– Wazz (@WazzCrypto) March 15, 2023
However, the exploited flaw was the result of an update that took place last summer, and seems to have passed the two audits that have been performed since.
For its part, the blockchain analysis company Chainalysis, estimated that the hack could have been conducted by the North Korean hacker group Lazarus. Indeed, 100 ETH were sent to an address associated with the hack of the Ronin bridge of Axie Infinity:
100 ETH stolen in Monday’s Euler Finance hack have moved to an address associated with a previous hack carried out by NorthKorea-linked actors. This may mean the Euler hack is the work of DPRK too, or could be misdirected by other hackers. We’ll share more details as possible https://t.co/DxvGsc90Z8 pic.twitter.com/5QPphNTyYY
– Chainalysis (@chainalysis) March 17, 2023
However, it remains to be determined whether this is indeed the Lazarus Group, or whether this transaction is there to muddy the waters. The potential further trade between Euler Finance and the attackers will also be something to watch. While there is no evidence to support this, the extensive investigative work being conducted may be just the thing to deter further flight.
