Euler Finance attacker launders $1.8 million via crypto mixer Tornado Cash

Quick Take

  • Euler Finance attacker laundered 1,100 ETH ($1.8 million) using Tornado Cash mixer.
  • Euler previously offered a 10% bounty ($19.7 million) to the attacker to return the remaining 90% of the stolen funds.

The Euler Finance attacker transferred 1,100 ETH ($1.8 million) to the cryptocurrency mixer Tornado Cash in an attempt to launder the stolen funds, according to on-chain data aggregated from security firm BlockSec.

The transfer comes after the lending protocol was drained of $197 million in a flash loan attack earlier this week. Sending funds to a mixer is a common tactic used by cyber criminals to make it harder for law enforcement to track and recover stolen crypto.

In Euler's case, the laundering development could be significant. In an earlier on-chain message, Euler had offered a 10% bounty ($19.7 million) to the attacker to return the remaining 90% of the stolen funds. This is a common strategy used by crypto projects to incentivize hackers to return assets. Euler warned the perpetrator that if  funds were not returned, it would launch a $1 million reward for information on the attacker.

It remains to be seen if the attacker will accept the offer, but the high value of the bounty could make it appealing for them to return the funds instead of risking legal consequences. However, offering a bounty does not guarantee that the funds will be returned.

'Change their mind'

Social media commentators suggested that the transfer of funds indicates the attacker may not return any assets. However, BlockSec was more circumspect.

"The amount of money they laundered at this moment does not have a direct relationship with whether the attacker will return the 90% of assets asked for by Euler. The attacker can return the assets if they want, but they may also change their mind," Matthew Jiang, director of security services at BlockSec told The Block.

Another noteworthy development was that one of Euler's victims sent an on-chain message to the attacker's address requesting a return of the funds. The victim claimed they had deposited 78 wrapped staked ether (wstETH) worth $140,000 into Euler, which they claimed was their entire life savings. Surprisingly, the attacker returned 100 ETH ($165,000) to the victim, more than what was asked. BlockSec said on-chain analysis suggests that the person was a genuine victim based on interactions with Euler.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.