Interaction Between Wallet Tied to Euler Hack and North Korean Group Detected

• The interaction between a wallet tied to Euler Finance’s exploiter and North Korea’s Lazarus Group was detected.
• Lazarus Group is a sanctioned North Korean state-sponsored cyber threat group linked to the Reconnaissance General Bureau (RGB).
• Euler Finance was exploited in a flash loan attack and the vulnerability remained on-chain for eight months prior to the exploit.

Exploiter Wallet Interaction with Lazarus Group

Days after Euler Finance was hacked, an interesting interaction was picked up from one of the exploiter wallets. On-chain analyst Lookonchain detected an address tied to the exploiter of the Ethereum-based lending protocol sent 100 Ether (approximately $171,700) to a wallet associated with Lazarus Group’s mammoth Ronin network hack. While it is still unclear if the Euler exploiter is affiliated with the North Korean state-sponsored cyber threat group linked to the North Korean Reconnaissance General Bureau (RGB), the interaction is peculiar as many community members had previously speculated that the notorious collective could be behind it.

Lazarus Group

Lazarus Group was initially sanctioned by OFAC in 2019 and has been involved in several exploits. In addition to the $625 million exploit of Axie Infinity’s Ronin network, it was also behind last year’s $100 million Harmony bridge hack.

Euler Finance Exploit

Euler Finance was exploited in a flash loan attack on March 13th. Further investigation revealed that the vulnerability remained on-chain for eight months prior to the exploit despite a $1 million bug bounty in place. Over a period of two years, six security firms namely – Halborn, Solidified, ZK Labs, Certora, Sherlock, and Omnisica – conducted ten separate audits on the lending protocol according to Euler Labs CEO Michael Bentley.

Bug Bounty

Despite having placed a $1 million bug bounty since August 2020 , Euler Finance’s vulnerability remained undetected until hackers took advantage of it earlier this week . The vulnerability allowed attackers access to funds stored as liquidity reserves within its smart contracts . It has not yet been determined how much money they were able to steal from users’ funds .

Conclusion

The case of Euler finance serves as an example for other DeFi protocols who must pay close attention when conducting their own audits and implement robust security measures if they are going remain competitive in this space .