Euler Finance, a crypto lending protocol, suffered an exploit on March 13, which led to the theft of over $195 million worth of ETH and tokens from its smart contracts. However, the attacker has been returning some of the stolen assets, with the latest being an additional $37.1 million worth of Ether and Dai.
According to on-chain data, an address associated with the attacker sent 7,738.05 ETH to the Euler deployer account, and another address sent an identical amount to the same deployer account, for a total of 15,476.1 ETH returned. The first wallet then sent another transaction to the deployer account for $10.7 million worth of Dai, bringing the total of all three transactions to approximately $37.1 million.
In total, the attacker has now returned over $138 million worth of crypto assets since the exploit. Euler Finance was an important platform for multiple protocols in the Ethereum ecosystem, and at least 11 of them have reported incurring indirect losses as a result of the attack.
The exploit occurred because of a faulty function that allowed the attacker to donate their lent Dai to a reserve fund, pushing their own account into insolvency. A separate account was then used to liquidate the first account at a steep discount, allowing the attacker to profit from this discount.