North Koreans Attempt to Phish Euler Exploiter’s $200 Million in Crypto, Experts Say
The so-called “Ronin bridge exploiter,” who in March stole $625 million worth of crypto from the game Axie Infinity, sent an on-chain note to Euler’s exploiter asking it to decrypt an encrypted message. But according to experts CoinDesk spoke to, the message was a phishing scam that attempted to steal the credentials of the Euler exploiter’s wallet.
The unlikely exchange from one crypto hacker to another spurred confusion on crypto Twitter and rang alarm bells at Euler Finance, which was already days into its own on-chain attempt to recover $200 million. Euler is a platform for borrowing and lending cryptocurrencies on the Ethereum blockchain.
The Lazarus Group is a hacker group allegedly linked to North Korea. Observers have accused Lazarus of launching a multibillion-dollar campaign against the crypto world, the proceeds of which are said to fund North Korea’s weapons program.
Minutes after the Ronin hacker wallet sent a message to the Euler hacker wallet, developers at Euler Finance tried to intervene with messages of their own. They warned their own hacker to be wary of the alleged decryption software, saying “the easiest way out here is to return funds.”
Euler developers continued in a separate transaction, “Do not try to view that message under any circumstances. Do not enter your private key anywhere. Reminder that your machine may also be compromised.”
The Ronin hackers’ message may be a thinly veiled attempt to trick the Euler hacker into giving up the private key — and thus the crypto — they stole from Euler Finance, said Hudson Jameson, a former developer at the Ethereum Foundation. But he said the motives behind the on-chain messages are still unclear.
“In my opinion, it’s unknown why they’re asking, but it could definitely be an attempt to see if the Euler hacker is falling for a phishing attempt,” Jameson told CoinDesk.
Stephen Tong, co-founder of security auditing firm Zellic.io, speculated that Ronin’s alleged encrypted message may well contain an “offer” to the Euler hacker, “but we can’t know for sure since we can’t decrypt the message without a private key.”
The on-chain drama comes as Euler Finance tries to initiate its own negotiation via messages encoded on the Ethereum blockchain. It was Euler Finance’s plea to get back $200 million that the hacker answered on Tuesday:
“We want to make this easy for everyone concerned. No intention to keep what is not ours,” the hacker wrote back to Euler Finance, apparently ignoring the Ronin exploiter’s phish attempt. The message continued: “will communicate soon.”
Neither the Ronin Bridge exploiter nor the Euler Finance exploiter immediately returned a request for comment.
Tuesday’s messages were not the first time the two exploiters crossed paths. On March 17, the Euler Finance exploiter sent 100 ether (ETH) to wallets connected to the Lazarus Group’s Ronin heist. It was unclear why.
The messages highlight how Ethereum can be a platform for the most unlikely conversations, Jameson said.
“Unlike centralized systems that maintain control over the messages, the Euler exploit provides an example of new-age communication and processes in response to a public smart contract exploit.”