Euler Finance Exploiter Transfers $171K To Lazarus Group Wallet

• On March 13th, Euler Finance was hacked in a flash loan attack.
• An address tied to the exploiter of the Ethereum-based protocol sent 100 Ether to a wallet associated with Lazarus Group’s world-renowned Ronin network hack.
• Euler Finance had put in place a $1 million bug bounty two months prior to the exploit and 6 security firms conducted 10 separate audits over 2 years.

Interaction Detected Between Wallet Tied to Euler Finance Exploiter and North Korea’s Lazarus Group

On March 13th, an Ethereum-based lending protocol called Euler Finance was hacked in a flash loan attack. On-chain analyst Lookonchain detected an address tied to the exploiter of the protocol sent 100 Ether (approximately $171,700) to a wallet associated with Lazarus Group’s mammoth Ronin network hack.

Background on Lazarus Group

Lazarus Group is a state-sponsored cyber threat group linked to North Korea’s Reconnaissance General Bureau (RGB). The notorious collective was initially sanctioned by OFAC in 2019. It has been involved in several exploits such as the $625 million exploit of Axie Infinity’s Ronin network and last year’s $100 million Harmony bridge hack.

Euler Finance Security Protocols

Prior to the exploit, Euler Finance had put in place a $1 million bug bounty two months prior. In addition, over a period of two years, six security firms namely – Halborn, Solidified, ZK Labs, Certora, Sherlock, and Omnisica – conducted ten separate audits on the lending protocol according to Euler Labs CEO Michael Bentley.

Possibility of North Korean Involvement?

Although it is still unclear if there is any affiliation between North Korea’s state sponsored cyber threat group and Euler’s exploiter wallets due to this recent transaction — many community members had previously speculated that it could be connected.

Conclusion

The interaction between these two parties raises questions about whether or not North Korea could be behind this massive exploit or if they are merely just using this opportunity for their own benefit. Despite all these speculations however — no malicious intent has been proven yet as investigations are still ongoing