On-chain analyst Lookonchain detected an address associated with exploiters of the ethereum-based lending protocol that sent 100 ether (approximately $171,700) to a wallet linked to the Lazarus Group’s sprawling Ronin network hack.
While it's unclear whether the Euler developers are affiliated with the North Korean state-backed cyber threat group that has ties to North Korea's Reconnaissance General Bureau (RGB), the interaction is peculiar as many community members have previously speculated that the notorious collective Probably behind it.
Lazarus Group was originally sanctioned by OFAC in 2019 and has been involved in multiple attacks. In addition to the $625 million Axie Infinity's Ronin network breach, it also backed last year's $100 million Harmony bridge hack. On the other hand, Euler Finance was exploited in the flash loan attack on March 13.
Further investigation revealed that despite a $1 million bug bounty, the bug remained on-chain for eight months before being exploited. Over a two-year period, six security firms Halborn, Solidified, ZK Labs, Certora, Sherlock, and Omnisica conducted ten independent audits of the loan agreement, according to Euler Labs CEO Michael Bentley. In terms of risk assessment for these companies, Euler received "no higher than" "does not pose a significant threat."
Meanwhile, the team behind the protocol offered a $2 million bounty for information that would reveal the hacker's identity. Hours later, the attackers began moving funds in ten transactions through the encrypted mixer Tornado Cass.
