Euler exploiter returns $5.4 million in ETH to DeFi protocol

Quick Take

  • Euler Finance exploiter returned 3,000 ETH to the DeFi protocol on Saturday.
  • They drained $197 million from the protocol in a flash-loan attack on Monday.

The exploiter of Euler Finance returned 3,000 ether (ETH) worth about $5.4 million to the DeFi lending protocol on Saturday, according to tweets from on-chain sleuth ZachXBT.

The return indicates the exploiter may have reached a deal with Euler Finance after stealing $197 million from the protocol on Monday.

Euler Finance offered a 10% bounty ($19.7 million) to the attacker on Tuesday to return the remaining 90% of the stolen funds. It warned the attacker that if the funds were not returned within 24 hours, it would launch a $1 million reward for information that would lead to their arrest and the return of all funds.

Euler lost the $197 million in a flash-loan attack. Flash loans allow DeFi users to borrow large amounts of funds against zero collateral, but the loans must be repaid before the transaction ends. The Euler attacker drained $136 million of staked ether (stETH), $34 million of USDC, $19 million of wrapped bitcoin (WBTC) and $8.7 million of DAI from the protocol.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Then they transferred 1,100 ETH ($1.8 million) to the cryptocurrency mixer Tornado Cash in an attempt to launder the stolen funds.

It remains to be seen whether the attacker returns the rest of the funds. "They stopped at 3k ETH so could be trolling again," tweeted ZachXBT. "They were [previously] trolling with that transaction to Lazarus."

On Friday, an address controlled by the Euler attacker sent 100 ETH (around $170,500) to a wallet associated with Lazarus Group's Ronin network hack, according to Lookonchain. The U.S. Department of the Treasury added Lazarus Group, a North Korean hacking group, to its list of designated entities in April last year.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Yogita Khatri is a senior reporter at The Block, covering all things crypto. As one of the earliest team members, Yogita has played a pivotal role in breaking numerous stories, exclusives and scoops. With nearly 3,000 articles under her belt, Yogita holds the records as The Block's most-published and most-read author of all time. Prior to joining The Block, Yogita worked at crypto publication CoinDesk and The Economic Times, where she wrote on personal finance. To contact her, email: [email protected]. For her latest work, follow her on X @Yogita_Khatri5.


To contact the editor of this story:
Mike Millard at
[email protected]