Euler Finance, a non-custodial lending protocol based on blockchain technology, is currently negotiating with a hacker who stole millions from their platform. The company has given the hacker a 24-hour deadline to return 90% of the stolen funds, warning of legal repercussions if they fail to comply.
On March 13, 2023, the hacker executed a $196 million flash loan on Euler’s Ethereum-based lending system. Euler immediately acknowledged the breach and reached out to the attacker for a discussion to find a solution.
After receiving no response, Euler sent an on-chain message to the attacker, offering to pay them 10% of the stolen funds if they returned 90%. A deadline for compliance was included and failing to comply meant the company would launch a $1 million reward for information leading to the attacker’s arrest and the return of all funds.
The message states that “Following up on our message from yesterday. If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and the return of all funds.”
euler just sent an on-chain message to the hacker pic.twitter.com/0wKIW51NjM
— 0xngmi (llamazip arc) (@0xngmi) March 14, 2023
The offer means the attacker must return $176.4 million and keep $19.6 million. This deal is believed to benefit both parties, particularly the attacker, who would have difficulty getting away with $200 million without being caught by the authorities.
Meanwhile, Euler Labs, through their Twitter account, has disclosed their efforts to recover the stolen funds. The team has disabled the EToken module to prevent further direct attacks and has enlisted the help of TRM Labs, Chainalysis, and the ETH security community to investigate, track, and recover the stolen funds. They have also alerted law enforcement agencies in the U.S. and the U.K.
An update on our work today to recover funds for Euler protocol users.
Here are a few actions we took immediately:
1. Stopped the direct attack as soon as possible by helping disable the EToken module, which blocked deposits and the vulnerable donation function
2. Engaged TRM… https://t.co/6ZClE9uGoH
— Euler Labs (@eulerfinance) March 14, 2023
Some observers have suggested that the attacker should offer $2 million to counter Euler’s $1 million reward for information leading to their arrest. Others claimed that returning 90% of the funds would land the hacker in jail and that leniency would only be granted if they returned 100% of the funds, but that going dark and pretending to have nothing to do with the hack would be the best option.
As a hacker if you return, you are incriminating yourself. Not sure what the point it.
Returning 90% will land you in jail for sure.
Returning 100% you may get some leniency.
Pretending you have nothing to do with this, and going dark, seems like the best option.
— Patrick Dehkordi (@PatrickDehkordi) March 14, 2023
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”