Addresses associated with a recent exploit of the Euler DeFi protocol, and last year’s hack of Axie Infinity’s Ronin network are interacting and nobody knows why.
On-chain data first spotted by Look on Chain shows that an address controlled by the entity that exploited Euler Finance’s protocol has sent 100 Ether ($170,515) to a wallet associated with Lazarus Group’s Ronin network hack.
Euler Finance Exploiter transferred 100 $ETH to Ronin Bridge Exploiter(stole 173,600 $ETH and 25.5M $USDC).Ronin Bridge Exploiter was listed by #OFAC as Lazarus Group – the North Korean state hacking group.Are the two hackers the same person or was it intentional? pic.twitter.com/aPzOkSlXb6
— Lookonchain (@lookonchain) March 17, 2023
It’s unclear if Lazarus Group is also behind the attack, or if there’s any sort of affiliation with them and the entity that exploited Euler Finance.
The U.S. Department of the Treasury added Lazarus Group to its list of designated entities in April. In January, the Federal Bureau of Investigation (FBI) said that Lazarus Group, along with fellow North Korean hacking squad APT38, were responsible for the theft of $100 million in crypto assets from Horizon Bridge.
In total, Euler Finance was exploited for nearly $200 million in crypto largely denominated in DAI, wrapped bitcoin, staked ether (sETH), and USDC.
It’s important to note that the attacker behind the exploit didn’t necessarily “hack” it, or break its code to intrude inside, but rather manipulated internal markets via a flash loan to drain its treasury.
In October 2022, a similar scheme was used to manipulate the Solana-based protocol Mango Markets to drain its treasury. The individual behind the exploit, Avraham Eisenberg, was arrested in Puerto Rico in late December.
The price of Euler’s token, EUL, is currently trading for $1.85 according to CoinGecko. It’s down nearly 74% over the past week.