Ethereum-based lending protocol Euler Finance could be a step closer to recovering the funds stolen in last week’s $196 million loan lightning attack, with private discussions now starting with the exploit.
In an on-chain message to Euler on March 20, a day after sending funds to a red-flagged North Korean address, the exploiter claimed he now wanted to “make an agreement” with Euler.
“We want to make this easy for everyone who is affected. We do not intend to keep what is not ours. Make communication safe. Let’s agree,” said the exploiter.
Hours later, Euler replied with his own on-chain message, acknowledging the message and asking the exploit to speak “in private,” stating:
“Message received. Let’s chat privately on blockscan through the Euler Deployer address and one of your EOAs, through a signed message via email at contact@euler.foundation, or any other channel of your choice. Answer with your choice.”
Euler has previously tried to cut a deal with the exploiter after the exploitation, insisting that they return 90% of the funds they stole in 24 hours or potentially face legal consequences.
There was no response, and 24 hours later, Euler launched a $1 reward for any information that could lead to the arrest of the exploit and the return of funds.
related: Euler attack causes locked tokens, losses in 11 DeFi protocols, including Balancer
When the identity of the exploiter is unknown, the new language used by the exploiter may indicate more than one person is involved.
In a March 17 tweet, blockchain analytics company Chainalysis said a recent transfer of 100 Ether (ETH) to a wallet address associated with North Korea could mean the hack was the work of the “DPRK” – Democratic People’s Republic of Korea.
However, it could also be an attempt to deliberately mislead investigators, the company said.
Another transaction from the exploiter’s wallet address included 3000 ETH, which was sent back to Euler Finance on March 18, along with funds sent to the crypto mixer Tornado Cash and was instead a victim of the exploit.
https://t.co/4OBksAu9od pic.twitter.com/Zb3MIyex2f
— PeckShield Inc. (@peckshield) March 18, 2023
On March 20, another address reached Euler on-chain, claiming to have found a “solid string of connections” that could help them figure out who and where the exploit was.
Cointelegraph reached out to the Euler Foundation for comment but did not receive an immediate response.