- The Euler Finance attacker moved around 1,100 Ether from their address to sanctioned Ethereum-based crypto mixer Tornado Cash, on-chain data aggregated by BlockSec showed.
- Euler lost $197 million in digital assets after suffering a flash loan attack on Monday, Mar. 13.
- The DeFi lender offered the attacker a $19.7 million bug bounty if they returned 90% of the funds to users.
- One victim received 100 ETH back from the exploiter after sending a message pleading for the assets to be returned
The hacker who exploited decentralized finance (DeFi) lender Euler Finance sent 1,100 ETH from the stolen loot to U.S.-sanctioned crypto mixer Tornado Cash. The transactions were made in the early hours of Thursday, three days after the initial exploit on Monday, Mar. 13.
Data collected by on-chain security outfit BlockSec showed that Euler lost around $197 million in digital assets on Monday after suffering a flash loan attack. The exploiter made off with an assortment of cryptocurrencies including staked Ether (stETH), USDC, wrapped Bitcoin (WBTC), and DAI stablecoin tokens.
Euler offered 10% of the funds, worth $19.7 million, as a bug bounty on the terms that the exploiter returned 90% of the assets to the DeFi lender and users. It’s not clear if Thurday’s transfer to Tornado Cash indicates that the hacker plans to return the funds.
Indeed, it’s common for DeFi hackers and crypto criminals to deposit stolen digital assets in crypto mixers like Tornado Cash. Industry observers like Chainalysis have opined that hackers use this strategy to mask the origin of their funds and throw off law enforcement.
Euler Finance Victim Receives Stolens Funds And Then Some
In an odd turn of events, one Euler Finance victim recover their funds from the attacker after reaching out to the unidentified exploiter. On-chain data showed that a victim sent a message to the hacker, saying their life savings was held on Euler Finance.
While the victim claimed they had 78 wrapped staked ether (wstETH) worth $140,000 on the platform, the hacker shockingly returned $165,000 in ETH to the victim.
It’s not the first time an individual has reached out to a crypto hacker in an attempt to communicate. A community member sent advice to the FTX hacker on how to launder their stolen funds and which crypto mixers were more suitable for the job.
Euler Finance, an algorithmic liquidity provider, has recently announced it has exploited deposited an impressive $1.8 million worth of Tornado Cash in a malicious transaction. In addition, Euler has also sent 100 ETH to the victim in an effort to restore their funds.
The attack occurred during an upgrade to Tornado Cash’s underlying circuit and allowed for malicious users to create a portion of Euler’s funds and deposit them into Tornado Cash. Euler noticed the irregularity and declared all deposits made after the upgrade had occurred to be suspicious and not accepted.
Euler, who is the largest algorithmic liquidity provider in the crypto and crypto derivatives space, immediately responded to the attack by withdrawing the funds back to their platform, as well as sending the victim 100 Ethereum to restore their funds.
Following the attack, the Tornado Cash team is currently hardening the code to mitigate any future attempts of a malicious attack. The team has also released an official statement in which they describe their investigation into the breach and the increased security measures they will carry out to prevent the same event from occurring again.
This attack serves to illustrate the need for vigorous security protocols in the crypto industry, even when it comes to trustworthy providers. It is important for users to ensure their funds remain secure by checking and following the security measures that have been laid out by the provider.
At Euler Finance, we understand the importance of security and have been working hard to ensure that our customers’ funds remain secure. We will continue to carry out rigorous security protocols to prevent any foreseeable malicious attacks in the future.