<p><span style="font-weight: 400;">The Euler Finance attacker transferred 1,100 ETH ($1.8 million) to the cryptocurrency mixer Tornado Cash in an attempt to launder the stolen funds, according to </span><a href="https://etherscan.io/address/0xc66dfa84bc1b93df194bd964a41282da65d73c9a?toaddress=0xd90e2f925da726b50c4ed8d0fb90ad053324f31b"><span style="font-weight: 400;">on-chain data</span></a><span style="font-weight: 400;"> aggregated from security firm BlockSec. </span></p> <p><span style="font-weight: 400;">The transfer comes after the lending protocol was drained of</span> <a href="https://www.theblock.co/post/219196/euler-finance-flash-loan-attacked-for-an-estimated-197-million"><span style="font-weight: 400;">$197 million</span></a><span style="font-weight: 400;"> in a flash loan attack earlier this week. </span><span style="font-weight: 400;">Sending funds to a mixer is a common tactic used by cyber criminals to make it harder for law enforcement to track and recover stolen crypto.</span></p> <p><span style="font-weight: 400;"> In Euler's case, the laundering development could be significant. </span><span style="font-weight: 400;">In an earlier <a href="https://etherscan.io/tx/0x8f2b61a0c70012df1e3d918e7ac6486a1c332a9e530f3d4061735c6620f960d9">on-chain message</a>, Euler had offered a 10% bounty ($19.7 million) to the attacker to return the remaining 90% of the stolen funds. This is a common strategy used by crypto projects to incentivize hackers to return assets. Euler warned the perpetrator that if funds were not returned, it would launch a $1 million reward for information on the attacker.</span></p> <p><span style="font-weight: 400;">It remains to be seen if the attacker will accept the offer, but the high value of the bounty could make it appealing for them to return the funds instead of risking legal consequences. However, offering a bounty does not guarantee that the funds will be returned.</span></p> <h2>'Change their mind'</h2> <p><span style="font-weight: 400;">Social media commentators <a href="https://twitter.com/milkyway16eth/status/1636181277970771969">suggested</a> that the transfer of funds indicates the attacker may not return any assets. However, BlockSec was more circumspect.</span></p> <p><span style="font-weight: 400;">"The amount of money they laundered at this moment does not have a direct relationship with whether the attacker will return the 90% of assets asked for by Euler. The attacker can return the assets if they want, but they may also change their mind," Matthew Jiang, director of security services at BlockSec told The Block.</span></p> <p>Another noteworthy development was that one of Euler's victims sent an on-chain <a href="https://etherscan.io/tx/0xbe21a9719a4f89f7dc98419f60b247d69780b569cd8869c0031aae000f98cf17">message</a> to the attacker's address requesting a return of the funds. The victim claimed they had deposited 78 wrapped staked ether (wstETH) worth $140,000 into Euler, which they claimed was their entire life savings. Surprisingly, the attacker <a href="https://etherscan.io/tx/0xcc8edbe70d22176e90027bb07047b5cc7541b169ef9ef71ae6d6793f344b8bc5">returned</a> 100 ETH ($165,000) to the victim, more than what was asked. BlockSec said on-chain <a href="https://metasleuth.io/result/eth/0x2af24e5575045a582d9c53febd48724473e67407?source=bd57d0b8-ffdc-4f0e-9c38-de2ae6af8a00">analysis</a> suggests that the person was a genuine victim based on interactions with Euler.</p><br /><span class="copyright"><p>© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.</p> </span>