Euler Finance will hold talks with the exploiter about the recovery of funds

By: Henry Felix

Euler Finance will hold talks with the exploiter about the recovery of funds

March 21, 2023 6:15 AM

The exploiter of flash loans claims to have "no intention of keeping what is not ours" and want to "settle" with Euler Finance.

Euler Finance, an Ethereum-based lending platform, may be one step closer to recovering cash lost in a $196 million flash loan incident last week, with private conversations now underway with the exploiter.

On March 20, days after sending funds to a red-flagged North Korean address, the exploiter stated they now wish to "reach to an arrangement" with Euler in an on-chain message.

"We want to make this easy on all those involved. We have no intention of retaining what is not ours. Establishing secure communication. "Let us reach a deal," the exploiter remarked.


The last known public on-chain message sent to Euler by the hacker. Source: Etherscan

After several hours, Euler responded with its own on-chain message, recognizing the communication and requesting that the exploiter speak "in private," stating:

"The message has been received. Let's communicate privately on blockscan using the Euler Deployer address and one of your EOAs, over signed email at, or any other channel you like. Please respond with your preference."


Euler's most recent on-chain public message to the hacker. Source: Etherscan.

Euler has previously attempted to reach an agreement with the exploiter following the exploit, demanding that they restore 90% of the monies they stole within 24 hours or face legal penalties.

There was no reaction, so Euler issued a $1 bounty prize for any information leading to the exploiter's arrest and return of the funds 24 hours later.

While the exploiter's identity is unknown, the current language used by the exploiter may indicate that more than one individual is engaged.

Chainalysis, a blockchain analytics firm, tweeted on March 17 that a recent 100 Ether (ETH) transfer to a wallet address associated with North Korea could indicate that the breach was carried out by the "DPRK" — the Democratic People's Republic of Korea.

According to the firm, this could be an intentional attempt to mislead investigators.

Additional transactions from the exploiter's wallet address include 3000 ETH sent back to Euler Finance on March 18, as well as cash sent to cryptocurrency mixer Tornado Cash and an alleged victim of the exploit.


On March 20, another address contacted Euler on-chain, claiming to have discovered a "solid string of connections" that could assist them in determining who and where the exploiter was.