Interaction Detected Between Wallet Tied to Euler Finance Exploiter and North Korea’s Lazarus Group

Published on 17 March 2023 at 14:56

Days after Euler Finance was hacked, an interesting interaction was picked up from one of the exploiter wallets. 


On-chain analyst Lookonchain detected an address tied to the exploiter of the Ethereum-based lending protocol sent 100 Ether (approximately $171,700) to a wallet associated with Lazarus Group’s mammoth Ronin network hack.

While it is still unclear if the Euler exploiter is affiliated with the North Korean state-sponsored cyber threat group linked to the North Korean Reconnaissance General Bureau (RGB), the interaction is peculiar as many community members had previously speculated that the notorious collective could be behind it.

  • Lazarus Group was initially sanctioned by OFAC in 2019 and has been involved in several exploits. In addition to the $625 million exploit of Axie Infinity’s Ronin network, it was also behind last year’s $100 million Harmony bridge hack.
  • Euler Finance, on the other hand, was exploited in a flash loan attack on March 13th.
  • Further investigation revealed that the vulnerability remained on-chain for eight months prior to the exploit despite a $1 million bug bounty in place.
  • Over a period of two years, six security firms namely  – Halborn, Solidified, ZK Labs, Certora, Sherlock, and Omnisica – conducted ten separate audits on the lending protocol, according to Euler Labs CEO Michael Bentley.
  • Euler received “nothing higher than low” that “pose no significant threats” in terms of risk assessment by these firms.
  • Meanwhile, a $2 million bounty was offered by the team behind the protocol for information to uncover the hacker’s identity. Hours later, the attacker started moving funds through the crypto mixer Tornado Cass in ten transactions.


«   »

Add comment


There are no comments yet.