{"id":11053,"date":"2023-03-22T09:28:17","date_gmt":"2023-03-22T09:28:17","guid":{"rendered":"http:\/\/cryptoheretostay.com\/?p=11053"},"modified":"2023-03-22T09:28:18","modified_gmt":"2023-03-22T09:28:18","slug":"north-korean-lazarus-group-tries-to-phish-euler-exploiter","status":"publish","type":"post","link":"https:\/\/cryptoheretostay.com\/?p=11053","title":{"rendered":"North Korean Lazarus Group tries to phish Euler exploiter"},"content":{"rendered":"<p> <script type=\"text\/javascript\">\r\namzn_assoc_placement = \"adunit0\";\r\namzn_assoc_tracking_id = \"totafreearti-20\";\r\namzn_assoc_ad_mode = \"search\";\r\namzn_assoc_ad_type = \"smart\";\r\namzn_assoc_marketplace = \"amazon\";\r\namzn_assoc_region = \"US\";\r\namzn_assoc_default_search_phrase = \"crypto\";\r\namzn_assoc_default_category = \"All\";\r\namzn_assoc_search_bar = \"false\";\r\namzn_assoc_title = \"\";\r\namzn_assoc_rows =\"1\";\r\n<\/script>\r\n<script src=\"\/\/z-na.amazon-adsystem.com\/widgets\/onejs?MarketPlace=US\"><\/script><br \/>\n<\/p>\n<h2>Ad<\/h2>\n<p>A wallet connected to the Ronin bridge exploiter sent 2 Ethereum (ETH) \u2014 worth $3,586 \u2014 to Euler Finance (EUL) hacker on March 17, according to on-chain data.<\/p>\n<p>The transaction was attached with a message urging the Euler Finance hacker to decrypt an encrypted message.<\/p>\n<p>Polygon\u2019s chief information security officer Mudit Gupta said the attached message was a phishing attempt. Gupta added:<\/p>\n<p>\u201cDPRK [Ronin Bridge exploiter] just sent an on-chain message to Euler exploiter, trying to phish him and anyone else stupid enough to enter their private key in the tool they shared.\u201d<\/p>\n<p>Gupta further warned the community not to ever enter their \u201cprivate key on any website or tool.\u201d<\/p>\n<p>Blockchain security firm Hexagate corroborated Gupta\u2019s view. The firm added, \u201cthe Ronin bridge attacker was trying to exploit the Euler attacker by luring him into running a vulnerable program.\u201d<\/p>\n<p>Meanwhile, this is not the first time both exploiters would interact with themselves. The Euler attacker sent 100 ETH to the Ronin Bridge hacker on March 17.<\/p>\n<p>The Ronin Bridge exploit was linked to the infamous North Korean hacker group Lazarus.<\/p>\n<h2>Euler Labs urge attacker not to open message<\/h2>\n<p>Meanwhile, the decentralized finance (DeFi) protocol developer Euler Labs told its exploiter not to open the encrypted message under any circumstance. The protocol further urged the exploiter that \u201cthe simplest way out here is to return funds.\u201d<\/p>\n<p>The project elaborated that the suggested decryption tool was an old version of a vulnerable elliptic. According to the developers, the private keys involved in the decrypting would be revealed after some ECDH operations.<\/p>\n<p>The Euler exploiter had returned 3000 ETH to the DeFi project and had expressed willingness to return the stolen funds.<\/p>\n<p><script type=\"text\/javascript\">\r\namzn_assoc_placement = \"adunit0\";\r\namzn_assoc_tracking_id = \"totafreearti-20\";\r\namzn_assoc_ad_mode = \"search\";\r\namzn_assoc_ad_type = \"smart\";\r\namzn_assoc_marketplace = \"amazon\";\r\namzn_assoc_region = \"US\";\r\namzn_assoc_default_search_phrase = \"bitcoin\";\r\namzn_assoc_default_category = \"All\";\r\namzn_assoc_search_bar = \"false\";\r\namzn_assoc_title = \"\";\r\namzn_assoc_rows =\"1\";\r\n<\/script>\r\n<script src=\"\/\/z-na.amazon-adsystem.com\/widgets\/onejs?MarketPlace=US\"><\/script><br \/>\n<br \/><a href=\"https:\/\/cryptoslate.com\/north-korean-lazarus-group-tries-to-phish-euler-exploiter\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ad A wallet connected to the Ronin bridge exploiter sent 2 Ethereum (ETH) \u2014 worth $3,586 \u2014 to Euler Finance (EUL) hacker on March 17, according to on-chain data. The transaction was attached with a message urging the Euler Finance hacker to decrypt an encrypted message. Polygon\u2019s chief information security officer Mudit Gupta said the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":11054,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wp_rev_ctl_limit":""},"categories":[3],"tags":[],"class_list":["post-11053","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethereum-news"],"_links":{"self":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/11053","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11053"}],"version-history":[{"count":1,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/11053\/revisions"}],"predecessor-version":[{"id":11055,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/11053\/revisions\/11055"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/media\/11054"}],"wp:attachment":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}