The exploiter originally drained $195 million worth of ETH and tokens from the protocol but has now returned around $138 million.
The architect of the March 13 Euler Finance exploit returned an additional $26.5 million worth of Ether (ETH) to the Euler Finance deployer account on March 27, on-chain data shows.
Another 13M for ze Euler team
— DCF GOD (@dcfgod) March 27, 2023
20M dai left in the wallet that sent this over
Let’s get it pic.twitter.com/rF8l6e7yYw
At 6:21 p.m. UTC, an address associated with the attacker sent 7,738.05 ETH (worth approximately $13.2 million at the time it was confirmed) to the Euler deployer account. In the same block, another address associated with the attacker sent an identical amount to the same deployer account, for a total of 15,476.1 ETH (around $26.4 million) returned to the Euler team.
Then, at 6:40 p.m. UTC, the first wallet sent another transaction to the deployer account for $10.7 million worth of Dai (DAI) stablecoin. This brings the total of all three transactions to approximately $37.1 million.
Both of these addresses have received funds from the account that Etherscan labels “Euler Finance Exploiter 2,” which seems to imply that they are under the control of the attacker.
These transactions follow a previous return of 58,000 ETH (worth over $101 million at the time) on March 25. In total, the attacker appears to have returned over $138 million worth of crypto assets since the exploit.
Ethereum-based crypto lending protocol Euler Finance was exploited on March 13, and over $195 million worth of ETH and tokens were drained from its smart contracts. Several protocols within the Ethereum ecosystem depended on Euler in one way or another, and at least 11 protocols have announced that they have suffered indirect losses from the attack.
According to an analysis by Slowmist, the exploit occurred because of a faulty function that allowed the attacker to donate their lent DAI to a reserve fund. By making this donation, the attacker was able to push their own account into insolvency. A separate account was then used to liquidate the first account at a steep discount, allowing the attacker to profit from this discount.
After draining DAI through this first attack, the attacker then repeated it for multiple tokens, removing over $196 million from the protocol.