Lucy Jane 
Euler Finance exploiter returns $37.1M ETH, DAI
On-chain data indicates that the perpetrator of the March 13 Euler Finance exploit returned an additional $26.5 million worth of Ether to the Euler Finance deployer account on March 27.
At 6:21 UTC, an address associated with the attacker sent 7,738.05 ETH (equivalent to approximately $13.2 million at the time the transaction was confirmed) to the Euler deployer account.
Another address associated with the attacker sent an identical amount to the same deployer account in the same block, returning 15,476.1 ETH (approximately $26.4 million) to the Euler team.
The first wallet then sent another transaction to the deployer account for $10.7 million worth of DAI stablecoin at 18:40 UTC. Together, these three transactions total approximately $37.1 million.
The fact that these two addresses have received funds from the account identified by Etherscan as “Euler Finance Exploiter 2” suggests they are under the control of the attacker.
The previous return of 58,000 ETH (worth over $101 million at the time) occurred on March 25. Since the exploit, the attacker appears to have returned a total of over $138 million worth of crypto assets.
The Ethereum-based crypto lending protocol Euler Finance was exploited on March 13, and smart contracts were drained of over $195 million worth of ETH and tokens.
Multiple protocols within the Ethereum ecosystem relied on Euler in some capacity, and at least eleven protocols have reported indirect losses as a result of the attack.
According to Slowmist’s analysis, the exploit occurred as a result of a flawed function that permitted the attacker to donate the lent Dai to a reserve fund. Through this contribution, the attacker was able to render their account insolvent.
The first account was then liquidated using a separate account at a steep discount, allowing the attacker to profit from the discount.
After depleting Dai through the initial attack, the attacker repeated the process for multiple tokens, removing more than $196 million from the protocol.
