One could think $20M is enough to live a prosperous life without consequences after a successful hack, but not in this case.
On March 16, the $200 million hack of the Euler Finance lending protocol took an unexpected turn when the perpetrator apparently rejected the offer of $20 million by mixing 1,000 ETH (worth $1.65 million) through Tornado Cash.
According to PeckShield, the attacker carried out ten transactions in Tornado Cash. In each one, they sent 100 ETH to an intermediate address. As a result, the hacker has now obfuscated 1,000 ETH in Tornado Cash and has 1,500 ETH in the address used to carry out the attack, which makes it much harder for Euler Finance (and law enforcement agencies) to track the attacker in real life.
#PeckShieldAlert @eulerfinance exploiter on the move
~1,000 $ETH into Tornado Cash through intermediary address 0xc66d...c9a https://t.co/LAkY66YpoF
(PeckShieldAlert, @PeckShieldAlert, March 16, 2023)
$20 Million Were Not Enough
On March 15, Euler Finance publicly offered the attacker a deal in which they could keep 10% of the $200 million stolen if they returned the rest. If they refused, Euler Finance would offer a reward of $1 million to anyone who provided information that led to their capture.
But according to on-chain data, the hacker ignored Euler Finance’s proposal and instead mixed the cryptocurrencies in Tornado Cash just a few hours after it was made public.
But it was not all bad news; the hacker decided to send 100 ETH to one of the victims after their pleas. One of the users who lost their funds told the hacker that he was a humble person who could lose his life savings if the hacker rejected the reward offered by the protocol.
WOW! @eulerfinance Exploiter returned 100 $ETH to some guy who begged him for the money back as it was his life savings https://t.co/Gz9aCUZB0H
(Wazz, @WazzCrypto, March 16, 2023)
Euler Finance Lost $200M Through Flash Loan Attack
Euler Finance lost nearly $200 million at the beginning of the week after a vulnerability that had remained hidden for eight months was exploited.
According to the post-mortem report published by the cybersecurity firm Omniscia, Euler Finance’s auditing partner, the attack originated from a vulnerability in the protocol’s donation mechanism. The flaw allowed the hacker to create an over-leveraged position and liquidate it in the same block, which artificially caused it to sink and left the attacker holding $200 million divided into DAI, USDC, WBTC, and ETH.
Omniscia concluded that the attack arose from an incorrect donation mechanism introduced in the last protocol update (eIP-14), which they never analyzed.
“The EToken::donateToReserve feature that is at the crux of this vulnerability was not in scope of any audit conducted by Omniscia. As such, the code that causes the vulnerability was never in scope of any audit conducted by our team.”
At this point, it is unknown whether the hacker intends to return the remaining ether to the protocol to avoid being hunted by white hat hackers, blockchain traceability companies, and even law enforcement.