- The Ronin Bridge exploiter received 100 Ethereum (ETH) worth $170,468 from the Euler Financial exploiter.
- Tornado Cash, a known shuffling mechanism, was used by the attackers to hide their activities at Euler Finance.
Before coming under attack for $196 million, ethereum-based lending system Euler Finance was rated “nothing more than low risk” in ten independent audits conducted over two years.
Following Euler’s $196 million quick loan raid on March 13, Michael Bentley, CEO of Euler Labs, wrote about the “toughest days” of his life in a series of tweets on March 17.
he retweeted One user who shared information about Euler receiving 10 audits from six different companies, said the platform “has always been a security-oriented initiative,” adding that he retweeted the person.
Euler Financial’s smart contracts were audited between May 2021 and September 2022 by blockchain security firms Halborn, Solidified, ZK Labs, Certora, Sherlock, and Omnisica.
Additionally, on March 17, the Ronin Bridge exploiter received 100 Ethereum (ETH) worth $170,468 from the Euler Financial exploiter. lukanchainAsked a question Whether the transfer was unintentional or indicates that the two hackers were the same person.
In calculating the “likelihood of a security incident” and potential impact, Halbourne evaluated its risk assessment, with risk levels ranging from very low and informative to significant. Euler received “nothing but little exposure”.
A summary of the Halbourne audit from December 2022 said it had produced “an overall satisfactory result”.
According to the report, Halborn “observed and studied” 23 smart contracts over a month, but found only “two low risks and three informational risks.”
After reviewing Halborn’s insurance, Euler claimed to have concluded that the hazard was “not a serious hazard.”
There are rumors that the infamous North Korean hacking group Lazarus, which was linked to the Ronin Bridge attack, is also responsible for the Euler financial exploit.
However, the transaction does not provide conclusive evidence of the relationship of the parties. The Euler Finance attackers attempted to hide their transactions using Tornado Cash, a recognized shuffling mechanism. Furthermore, the attacker sent 100 ETH to one of the victims of the exploit.
With only 24 hours to go before the reward, Euler warned that if 90% of the funds were not returned within that time, he would launch a “protest that would lead to his arrest and restitution of all funds.”
Additionally, blockchain security firm Omnisica corrected several “misconceptions” in Euler’s core exchanger implementation and the way exchange modes are “managed by the codebase.”
The study claimed that Euler had “completely resolved” these issues and that there were “no outstanding difficulties” at this point.