Decentralized finance (DeFi) platform Euler Labs recently caused a stir when it suffered a terrible hack that cost it almost $200 million. The issue was further brought to light by Michael Bentley’s tweet, which assured users that a large team of world-class individuals is doing everything possible to recover the stolen funds.
The platform’s CEO retweeted one user who released details that Euler had 10 audits from six different companies and remarked that the platform “has always been a security-minded project” while describing the “hardest days” of his life.
The time immediately after an attack is crucial and I've done everything I can to support the recovery process. I've had to sacrifice time with my newborn son. I'll never forgive the attacker for that, but they can put things right and return funds to the EulerDAO Treasury ASAP.
— Michael Bentley (@euler_mab) March 16, 2023
Yet, ten consecutive audits of the Ethereum-based lending protocol Euler Finance over a two-year period indicated that it was only low risk and had no major flaws before being subject to a multi-million dollar hack.
Michael Bentley also reveals that a $1 million reward has been offered by the Euler Foundation for information leading to the capture of the perpetrator:
“If you come across any clues on chain, Discord, Telegram, Twitter, or GitHub, please share them.”
This came after the hacker ignored communication from the developers of Euler asking whether he would be willing to communicate with them about any potential next steps for fund recovery.
The noncustodial lending protocol is attempting to reach an agreement with the exploiter by requiring the hacker to repay 90% of the money they took within 24 hours, failing which they will be prosecuted.
Euler’s Attacker Mixes Assets Into Tornado Cash
Nevertheless, it appears that the exploiter is not interested in the nearly $20 million prize provided by Euler Labs, which prompted the developers to issue another on-chain follow-up message two days ago.
It reads, “Following up on our message from yesterday. If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and the return of all funds.”
On-chain data indicates that the hacker disregarded Euler Finance’s warnings and instead, just a few hours after the proposal went public, mixed around 1,000 Ethereum (ETH) tokens of the cryptocurrency into Tornado Cash.
Meanwhile, there was some good news as well: the hacker, after hearing their concerns, agreed to pay 100 ETH to one of the victims. One of the users who lost their money informed the hacker that he was a humble person who would lose all of his life’s savings if he turned down the protocol’s offer of reward.
2/ Euler Finance Exploiter 2 has transferred 100 ETH (~166K) into a plausible exploit victim address 0x2Af24. pic.twitter.com/ozipj0TFhn
— CertiK Alert (@CertiKAlert) March 16, 2023
It is currently unknown if the attacker is going to return the remaining tokens to the platform in order to evade detection by white hackers, blockchain-tracking businesses, and even law enforcement.