Euler Finance attacker launders $1.8 million via crypto mixer Tornado Cash

Crypto Ecosystems • March 16, 2023, 7:59AM EDT
UPDATED: March 17, 2023, 3:36AM EDT
The Block

Quick Take

  • Euler Finance attacker laundered 1,100 ETH ($1.8 million) using Tornado Cash mixer.
  • Euler previously offered a 10% bounty ($19.7 million) to the attacker to return the remaining 90% of the stolen funds.

The Euler Finance attacker transferred 1,100 ETH ($1.8 million) to the cryptocurrency mixer Tornado Cash in an attempt to launder the stolen funds, according to on-chain data aggregated from security firm BlockSec.

The transfer comes after the lending protocol was drained of $197 million in a flash loan attack earlier this week. Sending funds to a mixer is a common tactic used by cyber criminals to make it harder for law enforcement to track and recover stolen crypto.

In Euler's case, the laundering development could be significant. In an earlier on-chain message, Euler had offered a 10% bounty ($19.7 million) to the attacker to return the remaining 90% of the stolen funds. This is a common strategy used by crypto projects to incentivize hackers to return assets. Euler warned the perpetrator that if  funds were not returned, it would launch a $1 million reward for information on the attacker.

It remains to be seen if the attacker will accept the offer, but the high value of the bounty could make it appealing for them to return the funds instead of risking legal consequences. However, offering a bounty does not guarantee that the funds will be returned.

'Change their mind'

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Social media commentators suggested that the transfer of funds indicates the attacker may not return any assets. However, BlockSec was more circumspect.

"The amount of money they laundered at this moment does not have a direct relationship with whether the attacker will return the 90% of assets asked for by Euler. The attacker can return the assets if they want, but they may also change their mind," Matthew Jiang, director of security services at BlockSec told The Block.

Another noteworthy development was that one of Euler's victims sent an on-chain message to the attacker's address requesting a return of the funds. The victim claimed they had deposited 78 wrapped staked ether (wstETH) worth $140,000 into Euler, which they claimed was their entire life savings. Surprisingly, the attacker returned 100 ETH ($165,000) to the victim, more than what was asked. BlockSec said on-chain analysis suggests that the person was a genuine victim based on interactions with Euler.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Andrew Rummer at
[email protected]

More by Vishal Chawla