- Lazarus sent Euler’s exploiter an on-chain note, requesting they decrypt an encrypted message
- It's likely a phishing scam, hacker holds almost $200M stolen from Euler in his wallet
In yet another glitch in Euler Finance’s efforts to recover their $200 million in stolen crypto, a wallet associated with North Korea’s Lazarus Group may be trying to scam the Euler hacker, CoinDesk wrote.
Lazarus was behind the Ronin exploit
It is assumed the North Korean Lazarus Group was behind the Ronin bridge exploit, in which $625 million was stolen from Axie Infinity. The monumental hack took place in March last year.
According to insiders, the Lazarus Group has waged a multibillion-dollar war on entities in the crypto space, with the proceeds being used to fund North Korea’s arms program.
Untypical phishing attempt
On Tuesday, Lazarus sent Euler’s exploiter an on-chain note, requesting they decrypt an encrypted message. According to Euler developers, the note was a phishing scam trying to steal the credentials for the Euler hacker’s wallet.
Twitter started buzzing with news of the unusual exchange between the crypto hackers, raising the alarm at Euler Finance, which has been trying to recover the hundreds of millions it lost over the past few days. Euler is a crypto lending platform running on top of the Ethereum Mainnet.
How did Euler react?
Euler Finance developers reacted minutes after “their” hacker received the message from the Ronin hacker’s wallet. They advised caution in approaching the coded message, hinting that giving the money back was the simpler way out. Euler is negotiating with the exploiter to return the funds and offering a reward.
In a separate message, Euler developers warned their hacker not to try to view the message under any circumstances and to protect their private key. They assume his software was compromised as well.
The experts’ take
Ex-Ethereum Foundation developer Hudson Jameson also thinks the messages could be an attempt to get the Euler hacker to fall for a phishing scam. According to security expert Stephen Tong, the encrypted message might contain an “offer,” but it may be too risky to try to find out.