A few days after hinting that they were open to discussion, the Euler Finance hackers have returned some of the stolen funds to the protocol. In addition, several on-chain messages have been sent, which could indicate a desire to settle the situation quickly on the side of the attackers.
Euler Finance recovers part of the stolen funds
On Saturday afternoon, the hackers behind the attack on the decentralized finance protocol (DeFi) Euler Finance returned some of the stolen funds. A first transaction of 51,000 ETH took place, then another of 7,737.25 ETH in a second time from another address, bringing the total to about $103.4 million at the time of writing:
Figure 1 – First transaction showing the return of 51,000 ETH to Euler Finance
Although nearly half of the funds are still missing, it seems that the discussions started earlier this week are starting to bear fruit, after the theft of $197 million on March 13.
In addition, the attackers also moved about 43 million IADs in four different transactions across several addresses, one of which was used to return the 7,737.25 ETH previously discussed. As of now, these IADs have not moved since.
Difficulty to communicate
Beyond the return of funds, there are transactions on the various addresses involved that carry interesting messages. While these messages may be difficult to interpret from the outside, they may suggest communication difficulties between the Euler Finance teams and their attackers.
In one such message, sent identically at least twice on the “Euler Deployer” smart contract, the hackers ask to be contacted quickly on the email address provided and that they would not be interested in any bounty:
Figure 2 – Example of one of the messages sent to Euler Finance
It is also possible to deduce that the person(s) behind the hack may have already tried to trade without success, as the address identified as “Euler Finance Exploiter 2” sent transactions to itself inviting the communicators to disable the spam filter to see the responses sent:
Figure 3 – Message sent from Euler Finance Exploiter 2 to itself
Moreover, we can also note at least one other transaction addressed to Euler Finance, simply with the message “sheeps4music at mail2tor.com”. Since Mail2Tor is an anonymous email communication service accessible from the Tor browser, sheeps4music could be the alias to which the communications are addressed.
It is curious to observe the insistence with which hackers seek to exchange with Euler Finance. With the information at our disposal, it is impossible to draw reliable conclusions about the real motive for these actions, although it could suggest a desire to reach a quick settlement.
On the protocol side, Euler Labs has not yet given any official information on its Twitter profile about the return of the funds
