Euler Finance exploiter returns 3,000 ETH worth $5.4m

Euler Finance exploiter has returned 3,000 ETH worth $5.4m to the DeFi protocol, indicating the platform may have reached a deal with the hacker.

Exploiter returns stolen Euler funds worth $5.4m

The Euler Finance exploiter on Mar. 18 returned about 3,000 ETH ($5.4m) to the platform’s deployer address. Blockchain investigator PeckShield identified three transactions used to send funds.

Euler Finance was hacked on Mar. 13 in a flash loan attack where the exploiter made away with $197m.

The funds were stolen over four transactions of $136m staked ether (stETH), $34m USDC, $19m wrapped bitcoin (WBTC), and $8.7m DAI.

The attacker manipulated the protocol’s internal markets via a flash loan, draining their treasury.

Later, the exploiter moved 1,100 ETH ($1.8m) to the crypto mixer Tornado Cash to launder stolen funds.

The protocol on Mar. 14 offered the exploiter a 10% bounty to return 90% of the stolen funds.

However, it warned that if the funds were not returned within 24 hours, it would launch a $1m reward for information that would lead to their arrest and the return of all funds.

Exploiter sends funds to Lazarus Group

The attacker, on Mar. 17, sent 100 ETH ($170,500) to a wallet associated with Lazarus Group’s Ronin, a North Korean hacking group, according to Lookonchain.

It is unclear whether Lazarus Group is an accomplice or connected to the Euler Finance exploiter.