Euler Finance, an Ethereum-based noncustodial lending protocol, has issued an ultimatum with the hacker who recently stole millions from its system. The protocol has asked the hacker to return 90% of the funds within 24 hours or they face legal action.
On March 14, Euler Labs issued an ultimatum to the flash loan attacker who had exploited the platform for $196 million: they were to return 90% of the funds within 24 hours or face a $1M reward being offered for information leading to their arrest and complete recovery of all funds. In addition, 0 Ether ETH was sent to the hacker alongside the message.
The day before issuing their threat to law enforcement, Euler sent the hacker a more civil message. It read: “We understand you are responsible for this morning’s attack on the Euler platform. We are writing to see whether you would be open to discussing any potential next steps.” They proposed that the hacker return 90% of the stolen funds, equating to $176.4 million, while keeping the remaining $19.6 million. However, many have noted that the hacker has little incentive to honor this agreement.
“If I were the hacker, I would reward $2 million to anyone who could track me down before notifying Euler,” one observer speculated. Another Twitter user responded, “Yeh, he has 200 Million, they have 2 Million – he wins in a bidding war!”
In response to the attack, Euler Labs affirmed that it was collaborating with law enforcement from the US and UK, utilizing blockchain intelligence platforms such as Chainalysis, TRM Labs, and the broader Ethereum community to help identify the hacker.
The lending platform quickly responded and blocked deposits and the donation function, which had been identified as vulnerable. Despite this, an exploit of its smart contract occurred on March 13. However, it is worth noting that any vulnerability in the code went undiscovered during their eight-month audit period before the attack.