The hacker behind the $196 million exploit on lending protocol Euler Finance has returned the majority of the stolen assets, according to on-chain data.
In a transaction on March 25, the exploiter returned 51,000 Ether (ETH) worth around $88 million at the time of writing. A second transfer of 7,737 ETH was made on the same day, worth over $13 million. Previously, on March 18, the hacker sent 3,000 ETH to the protocol, worth nearly $5.4 million at the time. The exploiter still controls some of the stolen assets.
On March 13, the hacker carried out multiple transactions, stealing nearly $196 million from the protocol in a flash loan attack dubbed the largest decentralized finance (DeFi) hack of 2023. Stolen assets include 8.8 million Dai (DAI), 849,000 Wrapped Bitcoin (WBTC), 85 million Staked Ether (stETH), and 34 million USD Coin (USDC).
A few days after the hack, the exploiter sent an on-chain message to Euler calling for an agreement with the protocol. “We want to make this easy on all those affected. No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement,” they said.
Related: Euler attack causes locked tokens, losses in 11 DeFi protocols, including Balancer
The protocol had previously tried to negotiate with the exploiter, requesting that they return 90% of the funds they stole within 24 hours or face legal action. No response was received, and 24 hours later, Euler offered a $1 million bounty reward for any information leading to the capture of the exploiter.
The hacker has made other transactions, including a transfer of 1,000 ETH Smart Staking (NETH), worth approximately $1.65 million at the time, through sanctioned crypto mixer Tornado Cash.
According to blockchain analytics firm PeckShield, around 100 ETH was sent to a wallet address likely owned by one of the victims. An on-chain message sent by the wallet address had earlier pleaded for the attacker to return their “life savings.“