When Ronin Hackers Target Euler Hackers: Mantis Catch Cicadas, Orioles Follow
Lotist
2023-03-22 09:47
On-chain, two gangs of thieves play out a case of "thieves robbing thieves".

Yesterday, the "Ronin bridge exploiter" (Ronin hacker) address, which previously attacked the Axie Infinity sidechain Ronin validator nodes and stole $625 million worth of cryptocurrency, sent an on-chain notification to an address labeled "Euler exploiter" (Euler hacker), asking it to decrypt an encrypted message. In the transaction that included this notice, the Ronin hacker also generously offered 2 ETH. (Odaily recaps the "shocking cases" of the two hackers at the end of the article.)

Could this be the legendary peer exchange? The answer is naturally no. Encryption experts quickly deciphered the so-called "encrypted message". According to the experts' analysis, the message is actually a phishing scam. The Ronin hackers tried to use this phishing link to steal the private key of the Euler developer wallet, and then take control of the $197 million that had just been stolen from Euler Finance...

For a while, this "scary operation" among crypto hackers sparked heated discussion in the community.

Hudson Jameson, a former developer at the Ethereum Foundation, said that the Ronin hacker's notification was a thinly veiled attempt to trick the Euler hackers into handing over the private keys they stole from Euler Finance, but that the motivation behind this on-chain message is unclear: "I don't know why they're asking this question, but I'd definitely like to see if the Euler hackers fell for the phishing trap."

Stephen Tong, co-founder of security audit firm Zellic.io, speculates that the encrypted messages sent by the Ronin hackers likely contained 'offers' to the Euler hackers, "but we can't be sure because we can't decrypt the message private key without the encryption". It may be just a farce, as Jameson said, or a challenge from the Ronin hackers to the Euler hackers, depending on whether the Euler hackers take it up.

At the same time, Euler Finance, as the victim of the theft, will certainly not sit idly by. The developers of Euler Finance immediately tried to message the Euler hackers, temporarily forming a united front with them. Euler Finance warned the Euler hackers about the so-called decryption software, and stated that "the easiest way is to return the funds."

In addition, Euler Finance developers reminded the Euler hackers again in another transaction: "Do not attempt to view the message under any circumstances. Do not enter your private key anywhere. As a reminder, your device may also be compromised."

Euler Finance's nervousness is understandable. After a great deal of "on-chain communication" with the Euler hacker, the Euler hacker finally relented and began to return the funds in batches. With the "repayment" in sight, Euler Finance cannot let it be snatched away halfway.

In a transaction sent to Euler in the early hours of Monday, the Euler Finance attackers noted, "We want to make it easy for everyone affected. No intention of keeping something that doesn't belong to us. Set up secure communication. Let's make an agreement." Subsequently, Euler Finance responded on the chain, "Message received, let us chat privately with your EOA at blockscan via Euler Deployer address, or sign the message via email at contact@euler.foundation or any other channel of your choice."

According to the analysis of the communication records on the chain, the Euler hacker fund return process is progressing steadily under the negotiation between the two parties.

Currently, neither the Ronin hacker nor the Euler hacker has commented on the matter.

Recap

In March last year, the Axie Infinity sidechain Ronin validator node was hacked, and the private keys of four Ronin validators from Sky Mavis and a third-party validator run by Axie DAO were stolen, resulting in the theft of 173,600 ETH and 25.5 million USDC. Based on the "current price" of ETH, the loss is worth about 616 million U.S. dollars, which is also the largest loss in the history of crypto security incidents.

According to the security vulnerability report that the Axie Infinity sidechain Ronin subsequently released, an employee of Sky Mavis was compromised by a phishing attack, and the attacker used this access to infiltrate Sky Mavis's IT infrastructure and gain access to the validator nodes. In addition, the attacker discovered a backdoor through the gas-free RPC node and obtained the signature of the Axie DAO validator node.

The attack occurred on March 23 and was only discovered by the team on March 29. Officials stated that there was no proper tracking system to monitor the large outflow of cross-chain bridge funds. After the new cross-chain bridge is deployed, it will not be possible to withdraw a transaction of this size without human interaction.

Since then, the Ronin hackers have repeatedly performed on-chain operations on the stolen crypto assets, transferring them from Tornado Cash to multiple cross-chain bridges and cryptocurrency exchanges.

On March 13 this year, the Ethereum-based DeFi lending protocol Euler Finance suffered a flash loan attack, and the amount of damage was about 197 million US dollars, including 8,877,507.35 DAI, 849.14 WBTC, 34,413,863.42 USDC, and 85,818.26 stETH.

According to the security company's analysis, the attack on Euler Finance may have been caused by a logic flaw in donation and liquidation, which was exploited in a series of transactions on Ethereum (hacking transaction address), resulting in the project being hacked. In addition, Aztec, Yield Protocol, Yearn Finance, and others were all affected by it.

Currently, the Euler hackers are negotiating with Euler on the return of funds, hoping to set up secure communication and start returning funds.
