DeFi lending protocol Euler Finance offered malicious actors a deal to avoid prosecution.
On March 14th, a crypto lending platform Euler Finance offered hackers to return 90% of stolen funds within 24 hours and avoid prosecution. The deal would see hackers pocket 10% of the stolen $196 million, leaving hackers with about $20 million.
According to the transaction data on blockchain explorer Etherscan, Euler Finance transferred the hackers 0 Ether (ETH) with an attached message describing their offer.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is a Bitcoin & How Does it work? (Animated Explainer)
The message included in the transaction reads:
Following up on our message from yesterday. If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and the return of all funds.
This threat came one day after Euler Finance sent the hackers an on-chain message with a more polite request.
We understand that you are responsible for this morning's attack on the Euler platform. We are writing to see whether you would be open to speaking with us about any potential next steps.
Euler Finance, a decentralized lending protocol on the Ethereum blockchain, suffered an attack on March 13th, resulting in $196 million being stolen.
The exploit was conducted in six transactions with hackers stealing funds in cryptocurrencies, like Dai (DAI), USD Coin (USDC), Wrapped Bitcoin (WBTC), and Staked Ether (stETH). Euler Labs confirmed the news on Twitter on March 13th.
In a report by Euler Finance’s auditing partner, Omniscia noted that attackers exploited a vulnerability in the platform’s smart contract. The attacker donated funds to Euler Finance’s reserve and created an unbanked token debt position. The attacker then liquidated the "underwater accounts" to receive liquidation bonuses.
Euler Finance explained that their auditing partner did not discover the vulnerability in the exploited code during the previous audits.
Euler Labs reported that they are working with the US and UK governments and a blockchain intelligence company to recover the funds.