On Tuesday, Euler Finance’s efforts to recover roughly $200 million worth of stolen cryptocurrency were dealt yet another blow when it was discovered that a wallet connected to North Korean hackers had attempted to defraud the exploiter of the DeFi protocol.
The “Ronin bridge exploiter,” who was responsible for the theft of $625 million worth of cryptocurrency from the game Axie Infinity in March of last year, contacted Euler’s exploiter through an on-chain note and asked it to decrypt an encrypted message. Nevertheless, according to industry professionals that CoinDesk contacted with, the letter was a phishing scheme that attempted to steal the credentials for the wallet belonging to the Euler exploiter.
The odd transaction between one cryptocurrency hacker and another sparked consternation on crypto Twitter and set off alarm bells at Euler Finance, which was already several days into its own on-chain endeavor to retrieve the $200 million when the transaction occurred. Using the Ethereum blockchain, Euler is a decentralized marketplace for the borrowing and lending of cryptocurrency.
Known as the Lazarus Group, this cyber collective is rumored to have ties to North Korea. Observers have leveled accusations against Lazarus of mounting a multibillion-dollar campaign against the crypto world, with the revenues allegedly funding North Korea’s weapons program.
A few minutes after the Euler hacker wallet received a message from the Ronin hacker wallet, the developers working on the Ronin hacker wallet sought to intervene by sending their own messages to the Euler hacker wallet. They cautioned their own hacker to be aware of the alleged decryption software and advised him that returning the monies would be the easiest way out of this predicament.
The developers of Euler continued in a separate transaction by saying, “Under no circumstances should you attempt to access that communication.” Never enter your private key anywhere, under any circumstances. A gentle reminder that your computer might have been hacked as well.”
