Ethereum-based decentralized finance (DeFi) protocol Euler Finance is willing to offer a $1 million reward for information on the attacker behind its recent $200 million exploit.

Euler, which has been sending messages to the attacker since the exploit, said in a recent on-chain message to the exploiter that if 90% of the stolen funds are not returned within 24 hours, it will be launching a $1 million reward “for information that leads to your arrest and the return of all funds.” 

While Euler has tried to communicate with the attacker since the exploit, the attacker is yet to respond to that protocol at the time of writing.

Euler Hacked for $200M

On Monday, Euler suffered an exploit, resulting in attackers making off with nearly $200 million. The hacker was able to carry out the attack by using a flash loan function to exploit a bug in one of the protocol’s smart contracts. The exploiter stole various tokens, including 8.87 million DAI, 849 WBTC, 85,690 stETH, and 34.4 million USDC.

According to a detailed analysis from blockchain security company Slowmist, the attacker executed the hack by using flash loans to deposit funds and then leveraged them twice to trigger the liquidation logic. The exploiter then donated the funds to the reserve address and carried out a self-liquidation to collect any remaining assets.

Slowmist explained that two major factors contributed to the success of the exploit. Firstly, the funds were donated to the reserved address without being subjected to a liquidity check, triggering soft liquidation. Lastly, the soft liquidation logic was triggered by high leverage, allowing the liquidator to obtain most of the collateral funds from the liquidated user’s account.

A Black Hat?

A well-known on-chain sleuth ZachXBT suggested that the attacker could be a black hat, thereby ruling out any chance of the protocol recovering the stolen funds by offering the exploiters a bounty.

According to ZachXBT, the exploiter is most likely the same person that recently exploited some random protocol on Binance Smart Chain (BSC) before moving the stolen funds from the proceeds through the now-sanctioned Ethereum mixer Tornado Cash.

Your crypto deserves the best security. Get a Ledger hardware wallet for just $79!