Table of Contents
The hacker who exploited the DeFi protocol has turned down the platform’s offer of retaining 10% by mixing 1000 ETH in Tornado Cash.
Hacker Mixes 1000 ETH
The perpetrator of the flash loan attack, which siphoned off $200 million worth of assets from the Euler Finance platform, has rejected a sizeable bounty offer, instead choosing to keep their stolen funds. On March 16, they mixed 1,000 ETH (worth nearly $1.65 million) through Tornado Cash, through ten transactions, by sending 100 ETH in each to an intermediate address. The hacker now has 1500 ETH in the wallet address that orchestrated the attack. Since they have decided to obfuscate 1000 ETH through a mixer tool, law enforcement agencies have a much harder task to nail them down using conventional tracking methods.
Hacker Rejects 10% Offer
Earlier this week, the protocol was subjected to a flash loan attack, which exploited a vulnerability in the code that had been present for over eight months. The vulnerability existed in the protocol’s donation mechanism, allowing the hacker to steal $8.7 million in the DAI stablecoin, $18.5 million in Wrapped Bitcoin (WBTC), $135.8 million in Staked Ethereum (stETH), and $33.8 million in USDC.
Soon after, the team offered the hacker a 10% bounty with a plea to return the remaining funds. This meant that the hacker would retain 10% of the stolen funds, which is around $20 million, and return the remaining $180 million. The lending platform had also stated that if 90% of the funds were not returned to the protocol, a $1 million reward would be offered to anyone who could provide pertinent information to track down the hacker and the stolen funds.
A Robinhood Hacker?
24 hours after the announcement from the Euler team, blockchain security firm PeckShield reported that the hacker clearly rejected this proposal and had chosen to retain the stolen funds for themselves. However, it is interesting to note that the hacker transferred some funds to an investor who had directly messaged them to accept the bounty offer. Another security firm Certik released the message from the individual, which stated that they were not a whale investor and had put their entire life savings of 78 wstETH, into the Euler Finance protocol. Although the hacker did not return the funds as requested by the investor, they transferred 100 ETH to their wallet address.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.