Euler Finance, an Ethereum-based lending protocol, is reportedly in private discussions with the exploiter behind a $196 million flash loan attack that occurred last week. The exploiter sent an on-chain message to Euler on March 20, claiming that they want to "come to an agreement" and return the funds. The message came days after the exploiter sent the funds to a red-flagged North Korean address.
Euler responded hours later with its own on-chain message, asking the exploiter to talk in private and acknowledging the message. Euler had previously attempted to cut a deal with the exploiter, asking them to return 90% of the stolen funds within 24 hours or potentially face legal consequences. When there was no response, Euler launched a $1 million bounty reward for information that could lead to the exploiter's arrest and the return of the funds.
The identity of the exploiter is unknown, but the recent language used by them could suggest that more than one person is involved. Blockchain analytics firm Chainalysis suggested in a tweet on March 17 that the hack could be the work of the "DPRK" - the Democratic People's Republic of Korea - due to a recent 100 ETH transfer to a wallet address associated with North Korea. However, this could also be an attempt to intentionally misdirect investigators.
Other transactions from the exploiter's wallet address include 3000 ETH, which was sent back to Euler Finance on March 18, along with funds sent to crypto mixer Tornado Cash and an apparent victim of the exploit. On March 20, another address reached out to Euler on-chain, claiming to have found a "solid string of connections" that could help them find out who and where the exploiter was.
The private discussions between Euler Finance and the exploiter could be a step closer to recovering the stolen funds. Euler is asking the exploiter to communicate through various channels, including blockscan, email, or any other preferred channel. The protocol remains optimistic about the situation and hopes to reach an agreement soon.