The drama surrounding the Euler Finance exploit refuses to die, as crypto Twitter played spectator to an interesting interaction between the North Korea-linked Lazarus Group and the hacker behind the exploit.
Is The Swindler Being Swindled?
Euler Finance’s attempts to recover its stolen assets, worth nearly $200 million, hit another roadblock as another player waded into the muddied waters. On Tuesday, a wallet linked to the North Korean hacking group, Lazarus, attempted to phish the hacker that stole the funds from Euler Finance in the first place. The drama played out as the “Ronin Bridge exploiter,” who had stolen a staggering $625 million worth of crypto from the hugely popular Axie Infinity, sent an on-chain note to the exploiter.
The note asked the exploiter to decode an encrypted message. However, experts were quick to point out that the message, in all probability, was a phishing scam intending to steal the credentials for the exploiter’s wallet. The Lazarus Group is a notorious hacking group with alleged links to North Korea. The group is often seen as targeting the crypto space, siphoning billions that are used to fund the rogue nation’s nuclear weapons program.
Alarm Bells Ring At Euler
The exchange between the two hackers sent alarm bells ringing at Euler Finance and saw a wave of confusion go over crypto Twitter. The protocol is in the midst of attempting to recover the stolen fund, and developers were understandably worried about the developments. Minutes after the Ronin hacker reached out to the Euler hacker, developers reached out to the latter with their own messages in an attempt to warn the hacker. They asked their own hacker to be vigilant and warned them against the purported decryption software, stating that the simplest thing to do would be to return the funds. In a separate interaction, they stated,
“Do not try to view that message under any circumstance. Do not enter your private key anywhere. Reminder that your machine may be also compromised.”
Is The Euler Hacker A Target?
The Ronin hackers’ attempts to reach out to the Euler hacker could be a veiled attempt to get access to the latter’s private key and steal the assets contained in the wallet. However, despite the speculation, the true motives of the message still remain unclear. A former developer at the Ethereum Foundation, Hudson Jameson, stated,
“In my opinion, it is unknown why they are asking, but it definitely could be an attempt to see if the Euler hacker falls for a phishing attempt.”
Others, such as the co-founder of security audit firm Zellic.io, Stephen Tong, speculated that the encrypted message could very well have contained an offer for the Euler hacker. However, he stated that this is something we could never know as the message could only be decrypted with the private key.
Meanwhile, Euler Finance continued its efforts to negotiate with the hacker, with the hacker responding that they wished to make it easy on those affected and had no intention of keeping what wasn’t theirs. The hacker concluded their message by stating that they would communicate shortly.
Or Was Lazarus Behind The Hack The Entire Time?
However, blockchain intelligence firm Chainalysis has stated that a tiny portion of the ETH stolen during the Euler hack was sent to an address that had received funds from the Lazarus Group. These funds were tied to the $625 million hack of the Ronin Bridge. Most of those funds were run through the Tornado Cash mixing service, and some funds used to launch the Euler attack also came from a Tornado Cash account.
However, Chainalysis added that it could be possible that the funds could be an attempt to misdirect others by another hacking group.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://cryptodaily.co.uk/2023/03/hackers-cross-paths-as-lazarus-group-tries-to-phish-euler-hacker