North Korea’s Lazarus Group Could Be Behind Euler Finance Hack, Here’s Why

Euler Fianance protocol was attacked almost a week ago, which resulted in a loss of more than $180 million. And though the attacker behind the scheme is yet to be certainly identified, popular on-chain analyst Lookonchain has recently reported data hinting at who could be behind the hack. 

According to data from Lookonchain, the Euler Finance hacker sent 100 Ether (ETH) to a wallet address linked to the previous Ronin network bridge exploit which took place last year. The Ronin network is an underlying blockchain for the popular crypto game Axie Infinity.

After the network bridge was exploited last year for roughly $625 million, accounting for the second-largest attack on the developing crypto market, the Office of Foreign Assets Control (OFAC) was able to trace the exploiter address and listed it as a hack from North Korean Notorious Hacking Group Lazarus. 

Related Reading: DeFi Hack: Euler Finance Pushes to Recover Funds After Blocking Vulnerable Module

Now, a year later, this same Ronin bridge exploiter address is seen receiving 100 ETH from the Euler Finance Hacker. Could this mean the Lazarus group was also behind the Euler Finance attack?

Lazarus Group Or Not?

The connection between the two addresses intersecting with each other has baffled the crypto community and also sparked speculation that the Lazarus group is expanding its targets in the cryptocurrency space as well as its methods of laundering and transferring funds. 

According to a report from blockchain analytics firm Peckshield, as of March 16, the Euler Finance flash loan exploiter moved a portion of the stolen funds – a total of 1,000 ETH tokens worth nearly $1.65 million, via an intermediary address to the famous crypto mixer, Tornado Cash.

Notably, it is still not certain yet whether the Lazarus group is behind the Euler Finance protocol hack as the 100 ETH transfer can be either a false flag, decoy, or a random occurrence that does not imply an intentional conspirational relationship between both addresses. 

However, because the sender of the Ethereum transaction split the funds into smaller amounts using a smart contract to allocate to different wallets which include that of the address of the exploiter of Solana-based decentralized finance (DeFi) protocol, Mango Markets, suggests that this whole transfer could certainly be a decoy to lure legal forces away from the actual attacker. 

Run Down On The Euler Finance Hack

It was last week when the attack on the Euler protocol took place and on-chain security firm Certik Alert initially reported the incident on Twitter, revealing that the bad actors had stolen 41 million DAI and still counting. It went further to warn users to be alert as the exploit was still ongoing at the time of the tweet. 

A few hours later, Certik posted an update that the hacker stole over $195 million from Euler Finance. It revealed that the assets comprise 96,800 ETH and 43.6 million DAI stablecoins, making it the largest exploit so far in 2023.

In response, the Euler Finance team has assured users of working to stop the exploit. The firm revealed that it had brought law enforcement and security professionals to the matter and will update the community soon. 

Euler Finance token price chart on TradingView
Euler Finance token price is moving sideways on the 4-hour chart. Source: EUL/USDT on TradingView.com

Meanwhile, the Euler Finance native token EUL is still suffering from the panic selling of investors from the hack. Over the past 7 days, EUL has plummeted by over 70%, and it is still moving in a downward trend, down by 5% in the last 24 hours despite the global crypto market’s bullish trend.

Featured image from Unsplash, Chart from TradingView

Source: https://bitcoinist.com/north-korea-lazarus-group-behind-euler-finance-hack/