top of page
  • K Kim and M Bacina

Euler Finance Hacker returns over 58,000 Stolen ETH

Euler Finance, a non-custodial, decentralized borrowing and lending protocol was exploited on March 13 in the largest DeFi hack of 2023, with a hacker stealing nearly $200 million from the protocol. The hacker used a flash loan by deceiving the protocol into assuming it had varying amounts of eToken and dToken. Stolen crypto assets included Dai, Wrapped Bitcoin, Staked Ether and USD Coin. Since the incident, the hacker had attempted to reach an agreement with Euler, commenting:

No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement.

Euler’s attempt to negotiate with the hacker, requesting return of 90% of the stolen assets within 24 hours was met with silence. It has since been reported that Euler offered a public $1 million bounty reward for any information that may assist in capturing the hacker or recovery of funds. It has been reported that the hacker had laundered portions of the stolen funds via Tornado Cash, a now-blacklisted Crypto mixer which enables private transactions.

On March 25, an on-chain message was sent out from a wallet address holding 10 million of the DAI stolen, announcing their willingness to provide information about the hacker in exchange for 10% of the bounty reward offered by Euler. Another on-chain message was subsequently sent out from a different wallet address also associated with the hack, offering Euler to contact them for free information about the hackers. Although unconfirmed, it is currently speculated that there are multiple hackers involved in this flash loan attack.

However, in a series of unexpected transactions on March 25, the hacker returned over 58,000 stolen ETH to the protocol. It has also been reported that the hacker returned some ETH to a wallet address of one of the victims, following their on-chain message:

Please consider returning…I’m just a user that only had 78 wstETH as my life savings deposited into Euler.

While the motivation behind this return remains unknown, and the majority of the stolen funds have been returned, it remains to be seen whether the remaining assets still in the hacker’s control will be recoverable.


bottom of page