Euler Finance to enter talks with exploiter over the return of funds

March 21, 2023 Coin Telegraph

chainalysis

The flash loan exploiter claims they have “no intention of keeping what is not ours” and wants to “come to an agreement” with Euler Finance.

Ethereum-based lending protocol Euler Finance could be a step closer to recovering funds stolen in a $196 million flash loan attack last week, with private discussions now initiated with the exploiter.

In an on-chain message to Euler on March 20, days after sending funds to a red-flagged North Korean address, the exploiter claimed they now want to “come to an agreement” with Euler.

“We want to make this easy on all those affected. No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement,” said the exploiter.

*The hacker’s most recent public on-chain message to Euler. Source:* *Etherscan*

Hours later, Euler replied with its own on-chain message, acknowledging the message and asking the exploiter to talk “in private,” stating:

“Message received. Let's talk in private on blockscan via the Euler Deployer address and one of your EOAs, via signed messages over email at contact@euler.foundation, or any other channel of your choice. Reply with your preference.”

*Euler’s latest public on-chain message to the hacker. Source:* *Etherscan*

Euler had previously tried to cut a deal with the exploiter after the exploit, insisting that they return 90% of the funds they stole within 24 hours or potentially face legal consequences.

There was no response, and 24 hours later, Euler launched a $1 bounty reward for any information that could lead to the exploiter’s arrest and return of the funds.

While the identity of the exploiter is not known, the recent language used by the exploiter could suggest more than one person is involved.

In a March 17 tweet, blockchain analytics firm Chainalysis said the recent 100 Ether (ETH) transfer to a wallet address associated with North Korea could mean the hack is the work of the “DPRK” — the Democratic People’s Republic of Korea.

However, this could also be an attempt to intentionally misdirect investigators, the firm said.

Other transactions from the exploiter’s wallet address include 3000 ETH, which was sent back to Euler Finance on March 18, along with funds sent to crypto mixer Tornado Cash and even an apparent victim of the exploit.

https://t.co/4OBksAu9od pic.twitter.com/Zb3MIyex2f
— PeckShield Inc. (@peckshield) March 18, 2023

On March 20, another address reached out to Euler on-chain, claiming to have found a “solid string of connections” that could help them find out who and where the exploiter was.

Cointelegraph reached out to the Euler Foundation for comment but did not receive an immediate response.

Euler Finance hacked despite 10 audits in 2 years, says CEO

March 17, 2023 Coin Telegraph

audit

Euler Labs CEO Michael Bentley stated he will “never forgive” the hacker as the exploit caused him to lose time with his newborn son.

Ten separate audits conducted over a two-year period of the Ethereum-based lending protocol Euler Finance deemed it to be “nothing higher than low risk” and having “no outstanding issues” prior to it suffering from a $196 million attack.

In a series of tweets on March 17 Euler Labs CEO, Michael Bentley described the “hardest days” of his life after Euler’s $196 million flash loan attack on March 13.

He retweeted one user sharing information that Euler had 10 audits from 6 different firms, and commented that the platform “has always been a security-minded project.”

Euler has always been a security-minded project. The Euler smart contracts, including the vulnerable lines of code, were audited.https://t.co/SvNeoKEGuY
— Michael Bentley (@euler_mab) March 16, 2023

Blockchain security firms including Halborn, Solidified, ZK Labs, Certora, Sherlock and Omnisica conducted smart contract audits on Euler Finance from May 2021 to September 2022.

Halborn ranked its risk assessment by measuring the “likelihood of a security incident” and the impact it may have, with the risk level ranging from very low and informational, to critical — Euler received “nothing higher than low risk.”

It was revealed in a Dec. 2022 summary of Halborn’s audit that it had found “an overall satisfactory result.”

The summary stated 23 smart contracts were “inspected and analyzed” by Halborn over a one-month period, of which only “two low risks and three informational” risks were identified.

Euler stated it had reviewed Halborn’s coverage and concluded the risks “pose no significant threats.”

Blockchain security firm Omnisica addressed some “incorrect paradigms” in Euler’s base swapper implementation, as well as how the swap mode was “handled by the codebase” — but stated in the report that these issues were “properly dealt” with by Euler, and “no outstanding issues” remained.

On March 16 the protocol’s hacker began moving funds through crypto mixer Tornado Cash only hours after a $1 million bounty was launched by Euler for information leading to the hacker’s arrest.

In his recent Twitter thread Bentley said he’ll never “forgive the attacker” as he was forced to “sacrifice time” with his newborn son due to the attack but thanked security experts who are “working on leads” for the investigation.

Only 24 hours prior to the bounty, Euler issued a warning saying it would launch a one “that leads to your arrest and the return of all funds” if 90% wasn’t returned within 24 hours.

Euler Finance’s offer to hacker: Keep $20M or face the law

March 15, 2023 Coin Telegraph

Euler Finance’s offer to hacker: Keep M or face the law

attack

The hacker committed a $196 million flash loan attack on the Ethereum-based lending protocol on March 13.

Ethereum-based noncustodial lending protocol Euler Finance is trying to cut a deal with the exploiter that stole millions from its protocol, demanding the hacker returns 90% of the funds they stole within 24 hours or face legal consequences.

Euler Labs sent its ultimatum to the flash loan attacker who exploited the platform for $196 million by transferring the hacker 0 Ether (ETH) with an attached message on March 14:

“Following up on our message from yesterday. If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and the return of all funds.”

euler just sent an on-chain message to the hacker pic.twitter.com/0wKIW51NjM
— 0xngmi (llamazip arc) (@0xngmi) March 14, 2023

The threat of law enforcement comes as Euler sent the hacker a much more civil message the day before.

“We understand you are responsible for this morning’s attack on the Euler platform,” it read. “We are writing to see whether you would be open to speaking with us about any potential next steps.”

The request for a 90% fund return would see the hacker send back $176.4 million while holding onto the remaining $19.6 million.

However, many observers have noted that the hacker has very little to no incentive to follow through with the deal.

Look over your shoulder for the rest of your life, or take a $20m deal. No brainer.

Although, they could easily be state actors and aren’t really worried about low levels feds. https://t.co/i5zUSDqFca
— drnick ️² (@DrNickA) March 15, 2023

“If I was the hacker I’d simply say ‘to anyone who manages to track me down, I will give you $2 million not to tell Euler,’” one observer said.

“Yeh he has 200 Million they have 2 Million. He wins in a bidding war,” another Twitter user wrote in response.

Euler Labs said it was already working with law enforcement in the United States and the United Kingdom, along with engaging blockchain intelligence platforms Chainalysis, TRM Labs and the broader Ethereum community, to help track down the hacker.

An update on our work today to recover funds for Euler protocol users.

Here are a few actions we took immediately:

1. Stopped the direct attack as soon as possible by helping disable the EToken module, which blocked deposits and the vulnerable donation function

2. Engaged TRM… https://t.co/6ZClE9uGoH
— Euler Labs (@eulerfinance) March 14, 2023

The lending platform added it was able to promptly stop the flash loan attack by blocking deposits and the “vulnerable” donation function.

As for the exploited code, the team explained that the vulnerability “was not discovered” in the audit of its smart contract, which had existed on-chain for eight months until bei exploited on March 13.

Euler Labs works with various security groups to perform audits of the Euler Finance protocol.

While the vulnerable code was reviewed and approved during an outside audit, the vulnerability was not discovered as part of the audit.

The vulnerability remained on-chain for eight… https://t.co/M3PYSOwHhL
— Euler Labs (@eulerfinance) March 14, 2023

Euler Labs