Wallet Tied to Euler Exploit Sends 100 Ether to Lazarus Group

Addresses associated with a recent exploit of the Euler DeFi protocol and last year’s hack of Axie Infinity’s Ronin network are interacting and nobody knows why.

On-chain data first spotted by Lookonchain shows that an address controlled by the entity that exploited Euler Finance’s protocol earlier this week has sent 100 ether (ETH), worth $170,515 at current prices, to a wallet associated with Lazarus Group’s Ronin network hack.

It’s unclear if Lazarus Group is also behind the attack, or if there’s any sort of affiliation with the organization and the entity that exploited Euler Finance.

The U.S. Department of the Treasury added Lazarus Group, to its list of designated entities last April. In January, the Federal Bureau of Investigation said that Lazarus Group, along with fellow North Korean hacking squad APT38, was responsible for the theft of $100 million in crypto assets from Horizon Bridge. Lazarus Group is a cybercrime organization run by the North Korean government.

In total, Euler Finance was exploited for nearly $200 million in crypto largely denominated in DAI, wrapped bitcoin (WBTC), staked ether (sETH) and USDC.

The attacker behind the exploit didn’t necessarily “hack” it, or break its code to intrude inside, but rather manipulated internal markets via a flash loan to drain its treasury.

Last October, a similar scheme was used to manipulate the Solana-based protocol Mango Markets to drain its treasury. The individual behind the exploit, Avraham Eisenberg, was arrested in Puerto Rico in late December.

The price of Euler’s token, EUL, was recently trading at $1.85, according to CoinGecko. It’s down nearly 74% over the past week.