In a series of blockchain messages, the hacker behind Euler Finance's $200 million hack has returned over $120 million in ETH and Dai stablecoins to the network and apologized for their acts. In a message encoded in a transaction, the attacker identified themselves as Jacob and acknowledged tampering with other people's money, careers, and lives. Euler had previously threatened legal action and offered a $1 million reward to the hacker, who still has possession of some of the stolen assets.
The hacker carried out a flash loan attack on Euler on March 13, stealing over $196 million in total, including 8.8 million Dai, 849,000 Wrapped Bitcoin, 85 million Staked Ether, and 34 million Dollar Coin. The largest DeFi hack of 2023 resulted in the hacker returning over 58,000 ETH worth over $101 million to the protocol by March 25, despite the fact that they still control some of the stolen assets. The protocol had already attempted to negotiate with the attacker without success.
In a separate blockchain message, the attacker stated that they planned to refund the entire amount to Euler, indicating a change of heart. The attacker sent over 51,000 ETH and $10 million in Dai to the protocol over the weekend, totaling 7,000 ETH and $10 million in Dai. Euler has previously offered a $1 million payment for any information leading to the attacker's capture.
the euler exploiter has returned 51k ETH ($90m)
— ekin (@eking0x) March 25, 2023
https://t.co/RooIjugGsd
According to PeckShield, a blockchain analytics startup, around 100 ETH was sent to a wallet address that was most likely owned by one of the victims. An earlier on-chain message sent by the wallet address pleaded with the attacker to return their "life savings." Other transactions made by the hacker include a transfer of 1,000 ETH Smart Staking via the authorized crypto mixer Tornado Cash.
👀 https://t.co/4OBksAu9od pic.twitter.com/Zb3MIyex2f
— PeckShield Inc. (@peckshield) March 18, 2023
The attacker's return of funds and evident regret has been appreciated by the crypto community. The incident, however, emphasizes the necessity for increased security on DeFi platforms and the possibility of flash loan attacks. Despite the return of funds, it is unclear whether Euler will pursue legal action against the attacker.
