Suspected North Korean Involvement in Euler Finance Hack
The crypto community has been closely following the biggest decentralized finance (DeFi) hack of 2023, which saw Euler Finance fall victim to a $197 million loot on-chain.
Out of the series of transfers made by the hacker, one transaction of 100 Ether was allegedly sent to an address associated with North Korea-linked actors.
Chainalysis, the blockchain investigator, has identified that 100 ETH from Euler’s stolen funds was transferred to an address flagged in an older hack with links to North Korea. However, while Chainalysis has suspected the involvement of North Korea in the Euler Finance hack, it has highlighted the possibility of misdirection by other hackers.
100 ETH stolen in Monday's #Euler Finance hack have moved to an address associated with a previous hack carried out by #NorthKorea-linked actors. This may mean the Euler hack is the work of #DPRK too, or could be misdirection by other hackers. We'll share more details as possible https://t.co/DxvGsc90Z8 pic.twitter.com/5QPphNTyYY
— Chainalysis (@chainalysis) March 17, 2023
Euler Labs CEO displeased with the $197 million hack
Euler Labs CEO Michael Bentley has expressed his displeasure with the $197 million hack, revealing that ten separate audits conducted over two years assured its security. Despite the extensive security measures, the hacker still managed to find a way to exploit a vulnerability in the smart contract of Euler Finance, leading to the massive theft.
Smart contract audits conducted on Euler Finance
To ensure the security of its platform, Euler Finance underwent smart contract audits from various blockchain security firms, including Halborn, Solidified, ZK Labs, Certora, Sherlock, and Omnisica. The audits were conducted from May 2021 to September 2022. Despite the audits, the vulnerability that allowed the hacker to siphon off the funds was still present, underscoring the need for continued vigilance in the face of persistent threats in the crypto space.
Unclear intent of the hacker
The hacker also transferred 3,000 ETH to Euler’s deployer account without disclosing their intent. However, no other transfers were made after that at the time of writing. It is unclear whether the hacker was trolling or genuinely considering accepting Euler Finance’s bounty reward of $20 million.
The Euler Finance hack highlights the need for heightened security measures and vigilance in the crypto space. As the industry continues to grow and evolve, it is essential to remain proactive in identifying and mitigating potential vulnerabilities that could be exploited by hackers.