On March 27, on-chain data revealed that the perpetrator of the March 13 Euler Finance hack returned an additional $26.5 million in Ether to the Euler Finance deployer account.
An address connected to the attacker sent 7,738.05 ETH, worth $13.2 million, to the Euler deployer account at 6:21 PM UTC. A second address linked to the attacker sent the exact same amount to the same deployer account within the same block, for a total of 15,476.1 ETH (around $26.4 million) returned to the Euler team.
The first wallet then sent a second transaction of $10.7 million worth of Dai stablecoin to the deployer account at 6:40 PM UTC. This brings the combined value of the three transactions to about $37.1 million.
Both addresses have received funds from the “Euler Finance Exploiter 2” account, which suggests that they are under the hacker's control.
These transfers follow a prior return on March 25 of 58,000 ETH, which was valued at approximately $101 million at the time. Since the hack, the attacker appears to have returned a total of over $138 million in cryptocurrency.
Euler Finance hack
On March 13, a vulnerability in the Ethereum-based crypto lending platform Euler Finance led to the loss of over $195 million in ETH and tokens from its smart contracts. Several Ethereum ecosystem protocols relied on Euler in one way or another, and at least 11 protocols have declared that the attack caused them indirect losses.
According to an investigation by SlowMist, the exploit was caused by a flawed function that allowed the attacker to donate their lent Dai to a reserve fund. By making this donation, the attacker was able to drive their own account into insolvency. A second account then liquidated the original account at a substantial discount, allowing the attacker to profit from that discount.
After draining Dai through the initial attack, the attacker carried out the same maneuver for several other tokens, taking more than $196 million out of the protocol.
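The missing invariant behind the flawed donation function described above can be shown with a simplified model. This is an added example, not Euler's contract code: the `Account` and `Pool` classes, their method names, and all balances are hypothetical and constructed for illustration. It contrasts a donation path that never re-checks account health with one that rejects any donation leaving the donor insolvent.

```python
from dataclasses import dataclass


class InsolventError(Exception):
    """Raised when an operation would leave an account under-collateralized."""


@dataclass
class Account:
    collateral: float  # value of the deposit claims the account holds (hypothetical units)
    debt: float        # value the account owes to the pool

    def is_solvent(self) -> bool:
        # Simplified health rule (assumption): collateral must cover debt.
        return self.collateral >= self.debt


@dataclass
class Pool:
    reserves: float = 0.0

    def donate_unchecked(self, acct: Account, amount: float) -> None:
        """Flawed form: moves collateral into reserves without a health check."""
        if amount <= 0 or amount > acct.collateral:
            raise ValueError("invalid donation amount")
        acct.collateral -= amount
        self.reserves += amount

    def donate_checked(self, acct: Account, amount: float) -> None:
        """Hardened form: apply the donation, then roll back if the donor is insolvent."""
        snapshot = (acct.collateral, self.reserves)
        self.donate_unchecked(acct, amount)
        if not acct.is_solvent():
            acct.collateral, self.reserves = snapshot  # emulate a transaction revert
            raise InsolventError("donation would leave the account insolvent")


if __name__ == "__main__":
    # Constructed sample balances.
    flawed_pool, acct = Pool(), Account(collateral=120.0, debt=100.0)
    flawed_pool.donate_unchecked(acct, 50.0)
    print("unchecked donation -> solvent:", acct.is_solvent())

    safe_pool, acct2 = Pool(), Account(collateral=120.0, debt=100.0)
    try:
        safe_pool.donate_checked(acct2, 50.0)
    except InsolventError as exc:
        print("checked donation rejected:", exc)
```

The general rule the model illustrates: any operation that reduces an account's collateral or increases its debt needs the same solvency check the protocol applies to borrows and withdrawals.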