Addresses associated with a recent exploit of the Euler DeFi protocol, and last year’s hack of Axie Infinity’s Ronin network are interacting and nobody knows why.
On-chain data first spotted by Look on Chain shows that an address controlled by the entity that exploited Euler Finance’s protocol has sent 100 Ether ($170,515) to a wallet associated with Lazarus Group’s Ronin network hack.
It’s unclear if Lazarus Group is also behind the attack, or if there’s any sort of affiliation with them and the entity that exploited Euler Finance.
The U.S. Department of the Treasury added Lazarus Group to its list of designated entities in April. In January, the Federal Bureau of Investigation (FBI) said that Lazarus Group, along with fellow North Korean hacking squad APT38, were responsible for the theft of $100 million in crypto assets from Horizon Bridge.
In total, Euler Finance was exploited for nearly $200 million in crypto largely denominated in DAI, wrapped bitcoin, staked ether (sETH), and USDC.
It’s important to note that the attacker behind the exploit didn’t necessarily “hack” it, or break its code to intrude inside, but rather manipulated internal markets via a flash loan to drain its treasury.
In October 2022, a similar scheme was used to manipulate the Solana-based protocol Mango Markets to drain its treasury. The individual behind the exploit, Avraham Eisenberg, was arrested in Puerto Rico in late December.