On March 16, the $200 million hack of the Euler Finance lending protocol took an unexpected turn when the perpetrator apparently rejected the offer of $20 million by mixing 1,000 ETH (worth $1.65 million) through Tornado Cash.
According to PeckShield, the attacker carried out ten transactions in Tornado Cash. In each one, they sent 100 ETH to an intermediate address. As a result, the hacker has now obfuscated 1,000 ETH in Tornado Cash and has 1,500 ETH in the address used to carry out the attack, which makes it much harder for Euler Finance (and law enforcement agencies) to trace the funds to a real-world identity.
#PeckShieldAlert @eulerfinance exploiter on the move
~1,000 $ETH into Tornado Cash through intermediary address 0xc66d…c9a https://t.co/LAkY66YpoF pic.twitter.com/0XhQV1nbgn
— PeckShieldAlert (@PeckShieldAlert) March 16, 2023
$20 Million Were Not Enough
On March 15, Euler Finance publicly offered the attacker a deal in which they could keep 10% of the $200 million stolen if they returned the rest. If the attacker refused, Euler Finance would offer a reward of $1 million to anyone who provided information that led to their capture.
But according to on-chain data, the hacker didn’t care about Euler Finance’s suggestions and instead mixed the cryptocurrencies in Tornado Cash just a few hours after the proposal was made public.
But it was not all bad news; the hacker decided to send 100 ETH to one of the victims after their pleas. One of the users who lost their funds told the hacker that he was a humble person who could lose his life savings if the hacker rejected the offer made by the protocol.
WOW! @eulerfinance Exploiter returned 100 $ETH to some guy who begged him for the money back as it was his life savings https://t.co/Gz9aCUZB0H pic.twitter.com/DhZBenqtuS
— Wazz (@WazzCrypto) March 16, 2023
Euler Finance Lost $200M Through Flash Loan Attack
As recently reported by CryptoPotato, Euler Finance lost nearly $200 million at the beginning of the week after a vulnerability that had remained hidden for eight months was exploited.
According to the post-mortem report published by the cybersecurity firm Omniscia, Euler Finance’s auditing partner, the attack originated from a vulnerability in the protocol’s donation mechanism. It allowed the hacker to create an over-leveraged position, artificially cause it to sink, and liquidate it in the same block, keeping $200 million divided among DAI, USDC, WBTC, and ETH.
Omniscia concluded that the attack arose from an incorrect donation mechanism introduced in the last protocol update (eIP-14), which they never analyzed.
“The EToken::donateToReserve feature that is at the crux of this vulnerability was not in scope of any audit conducted by Omniscia. As such, the code that causes the vulnerability was never in scope of any audit conducted by our team.”
At this point, it is unknown whether the hacker intends to return the remaining ether to the protocol to avoid being hunted by white hat hackers, blockchain traceability companies, and even law enforcement.