Lazarus Group hackers target Euler Finance hacker

Hackers from the Lazarus Group, who hacked the Ronin blockchain bridge in March 2022 and stole assets worth $625 million from the Axie Infinity crypto project, tried to gain access to the crypto wallet of the hacker who stole almost $200 million from the Euler Finance protocol, reports RBC Crypto with reference to CoinDesk.

Euler Finance is a DeFi platform based on the Ethereum blockchain that provides cryptocurrency lending services. On March 13, it was hacked. The hacker withdrew about $197 million from the protocol in various cryptocurrencies such as DAI, WBTC, stETH and USDC.

Ronin bridge crackers, believed to be members of the North Korean Lazarus Group, sent an on-chain message to the Euler protocol cracker asking them to decrypt the encoded message. But according to experts contacted by the publication, this message was a phishing request, the purpose of which was to steal the credentials of the hacker’s Euler wallet.

A few minutes after the Euler hacker received this message, the Euler Finance developers tried to intervene by warning “their” hacker to be wary of the alleged hack.

“Under no circumstances should you attempt to view this message. Do not enter your private key anywhere. We remind you that your computer can also be compromised,” the Euler team wrote in a separate transaction.

The March 21 message was not the first in the hackers’ correspondence. On March 17, hacker Euler sent 100 ETH to a wallet associated with the Lazarus group. The reasons for this are still unclear.

In a warning to the hacker, Euler developers also wrote that the easiest way out of his situation would be a refund. They are currently negotiating.

“We want to resolve the situation for all those affected. We have no intention of appropriating what does not belong to us. Let’s establish a secure connection and come to an agreement, ”the hacker wrote to developers on March 21, as reported by Certik, a company specializing in blockchain security.

Stay in touch! Subscribe to at Telegram.

Comments (No)

Leave a Reply