North Korean Hackers Involved In Euler Finance Exploit: Chainalysis

The recent Euler Finance exploit is the largest attack in the crypto space in 2023. The incident occurred through a flash loan attack that led to the loss of almost $200 million in crypto assets.

The hacker eventually transferred the stolen funds to different crypto addresses. A report from a blockchain analytics company, Chainalysis, links a North Korean crypto address to the attack. The address received a transfer of about $170,000 of the stolen funds from the Euler platform.

Euler Finance Stolen Funds Traced To North Korean Hackers

According to the report, Chainalysis identified another address linked with North Korean hackers receiving the Euler stolen funds. The analysis said the address got a transfer of some Ether tokens worth almost $170 million. The North Korean address was traced to several hacking activities in the past.

Also, Chainalysis noted that two primary on-chain entities are involved in the exploits. There are a front-running Miner Extractable Value (MEV) bot and the primary personal wallet of the hacker. 

The hacker preyed on Euler software vulnerabilities that lack collateralization in flash loans to borrow huge funds. The action aided them in manipulating token prices. Also, the infamous sanctioned crypto mixer, Tornado Cash, provided initial financial support to the exploiter. It assisted in covering the gas fees and constructing the contracts used in the attack. 

The hacker initiated a flash loan, borrowing several DAI tokens worth $30 million from the Aave protocol. After completing the attack, the hacker still transferred some of the funds back to the Tornado Cash platform.

North Korea And Crypto Attacks

The connection of the North Korean hackers and address prove their involvement in exploiting Euler Finance. Also, it could mean that the attacker was trying to throw the investigation off balance by transferring some funds to the address.

However, North Korean hackers are notorious for increasing criminal activities and attacks on decentralized finance (DeFi). According to data from Chainalysis, North Korean hackers raked about $3.8 billion from the crypto industry in 2022. This value was higher than what they stole in the previous years.

Also, the analytics firm noted that the hackers were connected to most of the crypto attacks in 2022. But decentralized finance protocols are the major victims of the group’s hacking activities. Attacks on DeFi protocols ranked up to 82.1% of the total hacking activities of the group.

In February 2023, the Korea Times reported that South Korea slammed North Korea with sanctions concerning crypto crimes. This marked the first independent imposed sanctions from South Korea on its northern neighbor as related to cyber activity.

The South Korean sanctions were on four North Korean hackers and seven groups that allegedly assisted in funding the weapons program of the regime. Among the North Korean hackers sanctioned is the notorious Lazarus Group, with high records of cybercrimes globally.

Featured image from Pixabay and chart from Tradingview.com