Euler hacker returns $31 million, marking end to ‘recoverable funds’ in DeFi exploit

Security • April 4, 2023, 2:45AM EDT
UPDATED: April 4, 2023, 2:33PM EDT
the block

Quick Take

  • The Euler Finance hacker has returned the outstanding $31 million, marking a successful end to recovery efforts.
  • Euler Finance suffered a flash loan-enabled attack on March 13 that resulted in a loss of $197 million worth of crypto assets.

The individual who hacked and pilfered Euler Finance, a decentralized lending project, has returned the remaining sum of $31 million. This has brought the project's recovery endeavors to a close.

At approximately 6:55 pm EST on Monday, the attacker sent back $31 million — comprising 10,580 ETH ($19 million) and $12 million in DAI — through three transactions. This brought the total value of the returned funds to over $177 million, which accounts for the expected "recoverable funds" from the hack after adjusting for the bounty previously offered by the project.

Euler Labs, the developer behind the affected project, confirmed the successful recovery in a recent Twitter post, stating: "Following successful negotiations, all of the recoverable funds taken from the Euler protocol on March 13th have now been successfully returned by the exploiter."

The return of these funds marks a rare instance of positive resolution in the DeFi space, where large-scale hacks have become increasingly common.

On March 13, Euler Finance was subject to a complex attack that leveraged flash loans, causing a loss of $197 million worth of crypto assets. To retrieve the stolen funds, Euler Finance offered the attacker a 10% bounty worth $19.7 million, with a warning to initiate a $1 million reward for information on the attacker if the remaining 90% of the funds were not returned.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Despite initial doubts when the hacker laundered $1.8 million through the crypto mixer Tornado Cash three days after the attack, the recovery process began on March 18 with the return of $5.4 million to Euler. 

Over the following days, the hacker continued to return funds at variable intervals. They returned the most-significant tranche of $102 million in ETH.

On 28 March, the hacker sent a series of on-chain messages to their address, using the input data to share messages with the public. In these messages, the attacker said they were "sorry" and promised to return the remaining funds as soon as possible.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Adam James at
[email protected]