Euler Finance to initiate talks with the user about the return of funds
Ethereum-based lending protocol Euler Finance could be a step closer to recovering funds stolen in a $196 million flash loan attack last week, with private discussions now underway with the exploiter.
In a chain message to Euler on March 20, days after sending funds to a red-flagged North Korean address, the exploiter claimed they now want to “come to terms” with Euler.
“We want to make this easy for everyone concerned. No intention of keeping what is not ours. Set up secure communication. Let us come to an agreement, said the exploiter.
Hours later, Euler responded with his own chain message, confirming the message and asking the exploiter to speak “privately”, saying:
“Message received. Let’s talk privately on blockscan via the Euler Deployer address and one of your EOAs, via signed messages via email at [email protected], or any other channel you choose. Reply with your preferences.”
Euler had previously attempted to strike a deal with the exploiter after the exploit, insisting that they return 90% of the funds they stole within 24 hours or potentially face legal consequences.
There was no response, and 24 hours later Euler launched a $1 bounty for any information leading to the arrest of the exploiter and the return of the funds.
Related: Euler attack causes locked tokens, losses in 11 DeFi protocols, including Balancer
Although the identity of the exploiter is not known, the recent language used by the exploiter may indicate that more than one person is involved.
In a March 17 Twitter post, blockchain analytics firm Chainalysis said the recent transfer of 100 Ether (ETH) to a wallet address associated with North Korea could mean the hack is the work of the “DPRK.”
However, this could also be an attempt to deliberately mislead investigators, the firm said.
Other transactions from the exploiter’s wallet address include 3,000 ETH sent back to Euler Finance on March 18, along with funds sent to crypto mixer Tornado Cash, and even an apparent victim of the exploit.
On March 20, another address contacted Euler on the chain, claiming to have found a “solid line of connections” that could help them find out who and where the exploiter is.
Cointelegraph reached out to the Euler Foundation for comment, but did not immediately receive a response.