Update: Euler Finance has retrieved $31 million from the exploit

In a remarkable turn of events, the hacker responsible for the Euler Finance exploit has returned the outstanding $31 million, marking a successful end to the recovery efforts of the decentralized lending project. This resolution serves as a rare instance of a positive outcome in the DeFi space, where large-scale hacks have become increasingly common.

Euler Finance suffered a complex, flash loan-enabled attack on March 13 that resulted in a loss of $197 million worth of crypto assets. In response, Euler Finance offered the attacker a 10% bounty worth $19.7 million, along with a warning that a $1 million reward would be initiated for information on the attacker if the remaining 90% of the funds were not returned.

On Monday, around 6:55 pm EST, the attacker sent back $31 million – comprising 10,580 ETH ($19 million) and $12 million in DAI – through three transactions. This brought the total value of the returned funds to over $177 million, accounting for 90% of the expected recoverable funds from the hack after adjusting for the 10% bounty previously offered by the project, according to the Euler Finance team.

Euler Labs, the developer behind the affected project, confirmed the successful recovery in a recent Twitter post, stating: "Following successful negotiations, all of the recoverable funds taken from the Euler protocol on March 13th have now been successfully returned by the exploiter."

Despite initial doubts when the hacker laundered $1.8 million through the crypto mixer Tornado Cash three days after the attack, the recovery process began on March 18 with the return of $5.4 million to Euler. Over the following days, the hacker continued to return funds at variable intervals, including the most significant tranche of $102 million in ETH.

On March 28, the hacker sent a series of on-chain messages to their address, using the input data to share messages with the public. In these messages, the attacker expressed remorse, saying they were "sorry" and promising to return the remaining funds as soon as possible.

The successful recovery of funds in the Euler Finance exploit showcases the importance of negotiation and communication in addressing the challenges posed by large-scale hacks in the DeFi space. The resolution of this incident may serve as a valuable learning experience for other projects within the ecosystem, highlighting the potential for positive outcomes even in the face of seemingly insurmountable obstacles. As the DeFi sector continues to evolve, lessons from this recovery effort could provide valuable insights into developing strategies to protect projects and users against future attacks.