Euler Finance exploiter has returned 3,000 ETH worth $5.4m to the DeFi protocol, indicating the platform may have reached a deal with the hacker.
Exploiter returns stolen Euler funds worth $5.4m
The Euler Finance exploiter on Mar. 18 returned about 3,000 ETH ($5.4m) to the platform’s deployer address. Blockchain investigator PeckShield identified three transactions used to send funds.
Euler Finance was hacked on Mar. 13 in a flash loan attack where the exploiter made away with $197m.
The funds were stolen over four transactions of $136m staked ether (stETH), $34m USDC, $19m wrapped bitcoin (WBTC), and $8.7m DAI.
The attacker manipulated the protocol’s internal markets via a flash loan, draining their treasury.
Later, the exploiter moved 1,100 ETH ($1.8m) to the crypto mixer Tornado Cash to launder stolen funds.
The protocol on Mar. 14 offered the exploiter a 10% bounty to return 90% of the stolen funds.
However, it warned that if the funds were not returned within 24 hours, it would launch a $1m reward for information that would lead to their arrest and the return of all funds.
Exploiter sends funds to Lazarus Group
The attacker, on Mar. 17, sent 100 ETH ($170,500) to a wallet associated with Lazarus Group’s Ronin, a North Korean hacking group, according to Lookonchain.
It is unclear whether Lazarus Group is an accomplice or connected to the Euler Finance exploiter.
The U.S. Treasury Department added Lazarus Group to its list of designated entities in April 2022.
Whether the attacker plans to return the rest of the funds remains unknown.