Euler Finance hacker returns $90m of stolen funds

27 Mar 2023

Image: © Farknot Architect/

Ether tokens worth nearly $90m were transferred back to Euler Finance, but its unclear what the hacker plans to do with the remaining stolen funds.

The hacker behind a recent $200m exploit of Euler Finance has returned a large portion of the funds to the platform.

A transaction recorded on blockchain explorer Etherscan shows 51,000 Ether tokens were transferred from “Euler Finance Exploiter 2” back to Euler Finance. These tokens are worth nearly $90m at time of writing.

It is unclear why the hacker returned this portion of the stolen funds, or if there are plans to return more. There are reportedly other transactions showing some of the stolen funds being transferred to different accounts.

Earlier this month, the crypto platform launched a $1m reward to provide “additional incentive for information that leads to the Euler protocol attacker’s arrest” and the return of all funds. The UK-based platform has not commented on this recent development.

Euler Finance was first alerted to a series of odd transactions taking place on the platform on 13 March.

These transactions hinted that Euler Finance was being exploited by a flash loan attack, which is when an attacker exploits a vulnerability to borrow a large sum of money to manipulate the price of tokens, profiting from the changes.

At the time, Euler Finance said the attacker “exploited vulnerable code” which allowed it to create an “unbacked token debt position by donating funds to the protocol’s reserves”.

“As a result, the attacker was able to liquidate these underwater accounts and profit from the liquidation bonuses,” Euler Finance said on Twitter.

The company said that the vulnerability had been “on-chain” for eight months until it was exploited, despite a $1m bug bounty being in place.

There have been various reports of cryptocurrency hacks leading to large amounts of stolen funds. The biggest of these DeFi exploits appears to go to Ronin, the gaming-focused blockchain network that was hacked last March.

This hack led to approximately $625m worth of cryptocurrency being stolen. A month later, the US Treasury and FBI linked the incident to the North Korean hacker group Lazarus, which was previously blamed for the notorious WannaCry cyberattack in 2017.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic