The Euler Finance hacker has returned a small portion of the $197 million worth of crypto stolen in the exploit.

On March 18, the Euler hacker sent 3,000 ETH, worth around $5.4 million at the time, back to the Euler deployer contract.

Blockchain security firm CertiK estimates that the hacker still holds 81,900 ETH and 43 million DAI in the wallet, amounting to around $191 million worth of assets.

The motive behind the transfer remains unclear at the time of writing. The Euler team acknowledged the receipt of these funds with a message encoded in a transaction sent to the hacker.

A few hours prior, Chainalysis found that the Euler hacker sent 100 ETH to a wallet address linked to North Korea’s Lazarus Group – the state-backed cybercrime unit behind the $540 million exploit of the Ronin cross chain bridge last year.

However, the general consensus among on-chain analysts was that this transfer was likely an attempt to mislead investigators looking to trace the hacker’s identity.

The Euler hacker moved $1.6 million of the stolen funds to coin mixer Tornado Cash on Thursday, after somewhat uncharacteristically returning 100 ETH to one of the exploit’s victims.

Euler is offering a $1 million bounty for any leads on the hacker’s identity that would lead to his arrest.

“There is little I can say publicly about this, but I want everyone to know that there is a large team of world-class individuals doing all they can night and day,” tweeted Euler Labs CEO Michael Bentley.