Euler Finance exploiters, who held $200 million in stolen funds in their wallets, received an on-chain note on Tuesday from a wallet address linked to the Ronin Bridge attackers, known as the North Korean hacking group Lazarus.
The note includes an encrypted message with the sender requesting an Euler exploit to decrypt the message with a private key. Experts believe that this is an attempt to trap the Euler hacker in a phishing scheme to drain the stolen funds from the wallet by stealing login credentials.
It is not the first time two hackers interact with each other. On March 17th, the Euler exploiter sent 100 Ethereum to the Ronin attacker.
Euler Finance is an Ethereum-based crypto lending platform that allows users to borrow and lend a variety of crypto assets. First, the non-custodial DeFi protocol was exploited on March 13, causing a loss of around $200 million. Since then, the victim company has been talking to the hacker through on-chain communication to complete the deal, asking the hacker to return the funds.
Interestingly, the hacker cooperated with Euler Finance, as data observed by blockchain analytics company Arkham Intel suggests. The security company claims that the exploit has yielded 3,000 ETH (about $5.4 million) to Euler Finance.
The deal is almost done with the hackers, as seen in an on-chain message dated March 20. But the entry of the Lazarus hacker group has caused confusion in the community about what the next hacker will do.
Euler Finance Beware of Hackers Possible Phishing Attempts
Shortly after a wallet address linked to the Lazarus group sent a message to hackers, developers from Euler Finance reached out to the chain to warn exploiters of phishing attempts. The developer advises the hacker to return the stolen funds and interact more with the separate messages they read;
Do not attempt to view these messages under any circumstances. Do not enter your private key anywhere. Be aware that your machine can also be compromised.
Lazarus is a hacker group known to have ties to North Korea that targets the crypto space in support of its secret nuclear program.
In addition, speaking about the latest message by the Lazarus group hacker, Hudson Jameson, a senior developer on the Ethereum network, stated;
In my opinion, it is not known why they ask, but it can definitely be an attempt to see if the Euler hacker falls for a phishing attempt.
Euler’s team is still trying to negotiate with the exploiter to send the stolen funds back. The problematic project offered hackers $20 million as a reward, but the offer was rejected, according to data found by a blockchain security company. PeckShield.
Option images from Pixabay and charts from TradingView.com