- Euler Finance hackers transferred 100 ETH to an address linked with North Korean hackers.
- With experts mulling over the possibility of North Korean involvement, others say it could be a ploy to divert attention from the culprits.
- A $1 million bounty has been offered in return for the loot, but only 3,000 ETH has been returned.
As the industry reels from the shock of Euler Finance’s $197 million hack, new on-chain data reveals a transaction to a red-flagged North Korean address that threatens to open a can of worms.
After days of following the money trail of the Euler Finance hack, on-chain analytical firm Chainalysis disclosed that it has discovered a transfer made to an address linked to North Korean hackers. According to the firm, the hackers transferred 100 ETH to an address that played a role in the infamous Axie Infinity hack of 2021.
The address appears to be controlled by the state-sponsored Lazarus Group, with a streak of multiple high-profile attacks under its belt. However, there are concerns that the transfers could be a ploy to throw investigators in the wrong direction as the hackers try to cover their tracks.
“100 ETH stolen in Monday’s Euler Finance hack have moved to an address associated with a previous hack carried out by North Korean-linked actors,” said Chainalysis. “This may mean the Eular hack is the work of DPRK too or could be misdirection by other hackers.”
Hours after the attack, Euler Finance announced a 1 million bounty for information leading to the arrest of the hacker and recovery of the funds. Since the announcement, only 3,000 ETH has been sent to the protocol’s deployer address with the hackers sending 1,000 ETH in three installments.
It remains unclear whether or not the rest of the funds will be returned, but with every passing hour, the chances of the funds being returned become even slimmer.
Despite being audited over nine times, Euler Finance fell victim to a flash loan attack with the hackers stealing nearly 200 million worth of tokens. A post-mortem revealed that the hackers used the crypto mixer Tornado Cash to obfuscate the movement of the funds.
North Korean hacking groups are on a rampage
North Korean hacking gangs have pilfered over $2 billion from the virtual currency industry since 2017, with the biggest loot being Axie Infinity’s Nomad Bridge hack.
Law enforcement agencies fingered the North Korean state-backed Lazarus Group as being responsible for the hack, while South Korean intelligence agencies blamed them for an attacking spree across the broader financial industry.
Given the wave of economic sanctions against North Korea, stolen virtual currency forms the bulk of its foreign reserves, which it deploys in the development of its nuclear missiles.