Euler Finance’s offer to hacker: Keep $20M or face the law

The hacker committed a $196 million flash loan attack on the Ethereum-based lending protocol on March 13.

Ethereum-based noncustodial lending protocol Euler Finance is trying to cut a deal with the exploiter that stole millions from its protocol, demanding the hacker returns 90% of the funds they stole within 24 hours or face legal consequences.

Euler Labs sent its ultimatum to the flash loan attacker who exploited the platform for $196 million by transferring the hacker 0 Ether (ETH) with an attached message on March 14:

“Following up on our message from yesterday. If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and the return of all funds.”

The threat of law enforcement comes as Euler sent the hacker a much more civil message the day before.

“We understand you are responsible for this morning’s attack on the Euler platform,” it read. “We are writing to see whether you would be open to speaking with us about any potential next steps.”

The request for a 90% fund return would see the hacker send back $176.4 million while holding onto the remaining $19.6 million.

However, many observers have noted that the hacker has very little to no incentive to follow through with the deal.

“If I was the hacker I’d simply say ‘to anyone who manages to track me down, I will give you $2 million not to tell Euler,’” one observer said.

“Yeh he has 200 Million they have 2 Million. He wins in a bidding war,” another Twitter user wrote in response.

Euler Labs said it was already working with law enforcement in the United States and the United Kingdom, along with engaging blockchain intelligence platforms Chainalysis, TRM Labs and the broader Ethereum community, to help track down the hacker.

Related: DeFi protocol Platypus suffers $8.5M flash loan attack, suspect identified

The lending platform added it was able to promptly stop the flash loan attack by blocking deposits and the “vulnerable” donation function.

As for the exploited code, the team explained that the vulnerability “was not discovered” in the audit of its smart contract, which had existed on-chain for eight months until bei exploited on March 13.


Leave a Reply

Your email address will not be published. Required fields are marked *