Euler exploiter returns $5.4 million in ETH to DeFi protocol

The exploiter of Euler Finance returned 3,000 ether (ETH) worth about $5.4 million to the DeFi lending protocol on Saturday, according to tweets from on-chain sleuth ZachXBT.

The return indicates the exploiter may have reached a deal with Euler Finance after stealing $197 million from the protocol on Monday.

Euler Finance offered a 10% bounty ($19.7 million) to the attacker on Tuesday to return the remaining 90% of the stolen funds. It warned the attacker that if the funds were not returned within 24 hours, it would launch a $1 million reward for information that would lead to their arrest and the return of all funds.

Euler lost the $197 million in a flash-loan attack. Flash loans allow DeFi users to borrow large amounts of funds against zero collateral, but the loans must be repaid before the transaction ends. The Euler attacker drained $136 million of staked ether (stETH), $34 million of USDC, $19 million of wrapped bitcoin (WBTC) and $8.7 million of DAI from the protocol.

Then they transferred 1,100 ETH ($1.8 million) to the cryptocurrency mixer Tornado Cash in an attempt to launder the stolen funds.

It remains to be seen whether the attacker returns the rest of the funds. "They stopped at 3k ETH so could be trolling again," tweeted ZachXBT. "They were [previously] trolling with that transaction to Lazarus."

On Friday, an address controlled by the Euler attacker sent 100 ETH (around $170,500) to a wallet associated with Lazarus Group's Ronin network hack, according to Lookonchain. The U.S. Department of the Treasury added Lazarus Group, a North Korean hacking group, to its list of designated entities in April last year.