The Euler Finance exploiter is on the move and is seemingly unfazed by the million-dollar reward on offer for information that would lead to their arrest.
In an update on Thursday, blockchain security firm CertiK alerted users to the Euler exploiter’s on-chain movements. The hacker sent 2500 ETH, worth around $4.13 million at the time, to a wallet labelled “Fake_Phishing76535.”
The attacker then moved 1,000 ETH worth $1.65 million to coin mixer Tornado Cash, leaving $2.47 million worth of ETH in the Fake Phishing address. The funds were moved to Tornado in batches of 100 ETH.
The funds were moved after Euler announced a $1 million bounty to any user that could provide details about the hacker, after they left an ultimatum presented earlier unanswered. Euler offered the hacker the option to keep 10% of the stolen funds, amounting to $20 million, in exchange for the option to avoid prosecution.
The Euler team sent the proposition through a series of messages encoded in blockchain transactions. Whether or not the hacker read them and chose not to act on it, they definitely acted on another message sent by a person claiming to be a victim of the exploit.
WOW!@eulerfinance Exploiter returned 100 $ETH to some guy who begged him for the money back as it was his life savingshttps://t.co/Gz9aCUZB0H pic.twitter.com/DhZBenqtuS
— Wazz (@WazzCrypto) March 16, 2023
The hacker transferred 100 ETH to the alleged victim, who claimed the amount he deposited in Euler was his life savings. In fact, the hacker sent him an additional 13.4 ETH, despite his original deposit request amounting to 78 wrapped staked ETH (worth 86.6 ETH).
DL News identified the victim to be Santiago Sanchez Avalos after connecting his wallet address to an account on OpenSea.
“I wasn’t actually looking for the return of my funds, I was trying to get him to understand there were common people involved and affected,” said Avalos, who also intends to transfer back any funds that don’t belong to him.
Unsurprisingly, what followed was an influx of messages to the hacker from other users claiming to be victims of the exploit. One person claimed to have lost 334 ETH on Euler, which was supposedly intended to be put toward his house. Another message claimed to represent 26 families from a “jobless rural area” who pooled their money together and lost $1 million worth of USDT.
The address is getting lots of these 'victim' messages now.. pic.twitter.com/fxK4NpBBt7
— YFarmX 🗞️ (@YFarmX) March 16, 2023