North Korean Lazarus Group tries to phish Euler exploiter
A wallet connected to the Ronin bridge exploiter sent 2 Ethereum (ETH) — worth $3,586 — to Euler Finance (EUL) hacker on March 17, according to on-chain data.
The transaction was attached with a message urging the Euler Finance hacker to decrypt an encrypted message.
Polygon’s chief information security officer Mudit Gupta said the attached message was a phishing attempt. Gupta added:
“DPRK [Ronin Bridge exploiter] just sent an on-chain message to Euler exploiter, trying to phish him and anyone else stupid enough to enter their private key in the tool they shared.”
Gupta further warned the community not to ever enter their “private key on any website or tool.”
Blockchain security firm Hexagate corroborated Gupta’s view. The firm added, “the Ronin bridge attacker was trying to exploit the Euler attacker by luring him into running a vulnerable program.”
Meanwhile, this is not the first time both exploiters would interact with themselves. The Euler attacker sent 100 ETH to the Ronin Bridge hacker on March 17.
The Ronin Bridge exploit was linked to the infamous North Korean hacker group Lazarus.
Euler Labs urge attacker not to open message
Meanwhile, the decentralized finance (DeFi) protocol developer Euler Labs told its exploiter not to open the encrypted message under any circumstance. The protocol further urged the exploiter that “the simplest way out here is to return funds.”
The project elaborated that the suggested decryption tool was an old version of a vulnerable elliptic. According to the developers, the private keys involved in the decrypting would be revealed after some ECDH operations.
The Euler exploiter had returned 3000 ETH to the DeFi project and had expressed willingness to return the stolen funds.