KEY POINTS

  • Euler Finance hackers moved 100 ETH to a flagged address previously used by North Korean-linked actors
  • Some think the hack was executed by a North Korean-based group
  • Others believe the latest move is just a misdirection to confuse authorities

Malicious actors behind the Euler Finance hack, which was dubbed the largest decentralized finance (DeFi) attack in the crypto space in 2023, have reportedly moved stolen funds to a flagged address associated with a previous attack launched by North Korea-linked hackers.

Blockchain investigator Chainalysis revealed that 100 Ether (ETH) from Euler's stolen funds were transferred to a flagged address linked to North Korea.

"100 ETH stolen in Monday's #Euler Finance hack have moved to an address associated with a previous hack carried out by #NorthKorea-linked actors," Chainalysis tweeted, noting that "this may mean the Euler hack is the work of #DPRK [Democratic People's Republic of Korea] too, or could be a misdirection by other hackers."

Aside from the 100 ETH, hackers also moved 3,000 ETH to Euler Finance's deployer account without revealing the rationale behind it.

It is now unclear if the hackers are seriously considering to accept Euler's bounty reward worth $20 million or are just trolling with the DeFi.

Euler Finance, a permissionless borrowing and lending protocol on Ethereum, was attacked a few days ago and was drained of $197 million through six flash loans and a vulnerability – a major blow to the decentralized finance industry considering that the company is expected to be the next great building block in the sector after Compound and Aave.

Malicious actors borrowed huge funds from the lender and used Euler software vulnerabilities that had no collateralization in flash loans, which eventually helped them to manipulate the price of the token.

After completing the hack, the hackers moved some of the funds and used the crypto mixer Tornado Cash to cover their tracks.

Following the attack, Euler Labs CEO Michael Bentley revealed the system had undergone ten separate audits in a span of two years just to make sure its security was airtight.

Several blockchain security firms, including Halborn, Certora, Solidified, ZK Labs, Sherlock and Omnisica, performed smart contract audits on Euler Finance between May 2021 to September 2022.

A 3D printed model of men working on computers are seen in front of displayed binary code and words "Hacker" in this illustration taken, July 5, 2021.
A 3D printed model of men working on computers are seen in front of displayed binary code and words "Hacker" in this illustration taken, July 5, 2021. Reuters / DADO RUVIC

"I want to thank the security experts who are working on leads for the investigation, Bentley said, noting, "there is little I can say publicly about this, but I want everyone to know that there is a large team of world-class individuals doing all they can night and day."

The CEO also said that "Euler has always been a security-minded project. The Euler smart contracts, including the vulnerable lines of code, were audited."