Internal strife, coincidences, mistakes, and being arrested for carrying cash the untold story behind the Euler Finance hacker.

The hidden story of the Euler Finance hacker internal conflicts, coincidences, mistakes, and arrest for carrying cash.

Author: Ekin Genç; DL News; Translation: LianGuai0xxz

Key Points:

1. A man claiming to be behind the $200 million Euler Finance hack claims that he is currently in a prison in Paris.

2. The man, who identifies himself as Federico Jaime, claims that he hired a Spanish student to help him attack Euler, but there was a falling out between them.

3. Jaime said that his advisor tried to report them and there was a “disagreement” between them.

4. He claims that his intention is to return the funds to Euler and defends his use of Tornado Cash.

A few weeks ago, DL News contacted a 20-year-old Argentine named Federico Jaime, who claimed to be the mastermind behind the $200 million Euler Finance hack in March.

Through phone calls and Telegram, he revealed to DL News a convoluted and sometimes confusing story. He said he is currently in a prison in France after being arrested in May for carrying €200,000 in cash at a train station in Paris.

Jaime said that his current situation in France is only a “small money laundering case” and has nothing to do with his $200 million operation against the Euler protocol in March.

Jaime claims that the cash he was carrying was income from his online IT business with his father, as well as some fiat currency from the $2 million worth of cryptocurrencies he claimed to have withdrawn from Euler.

Jaime said that the reason given by the Euler team was that they believe the $2 million worth of Ether he had was tainted because it went through the encrypted mixing service Tornado Cash. The US government sanctioned Tornado Cash last year, and one of its developers is facing money laundering charges in the Netherlands.

Jaime could be facing more severe charges than just holding hundreds of thousands of euros.

Euler Finance is a decentralized finance lending protocol developed by Euler Labs based in the UK. It lost $200 million worth of cryptocurrencies on March 13, as Jaime (if he is indeed the main hacker as he claims) exploited a vulnerability in its code to divert investors’ deposits into his wallet.

Euler declined to comment on this article. On April 4, Euler stated that the hacker had returned “all recoverable funds”.

Jaime confirmed that he had returned most of the funds, but on March 17, he unknowingly sent $200,000 worth of Ether to the North Korean state-backed criminal group Lazarus Group, which has been sanctioned by the US Treasury Department.

In two weeks of conversation, Jaime explained why he attacked Euler and decided to publicly admit to being the mastermind behind the crime; why he was eager to talk about his situation with the media; and why transferring funds to North Korea was a “foolish mistake”.

Behind the Attack Incident?

Jaime claimed that he was being held in a low-security prison in Nanterre, a suburb of Paris, where riots broke out after a 17-year-old named Nahel Merzouk was shot by the police.

The French prisoner database is not publicly available. The prison authorities did not respond to requests for comment.

For someone involved in a $200 million DeFi hack, Jaime is unusually candid.

He told DL News, “If you publish this interview, by the way, don’t worry about mentioning my name in the article.” He also suggested a headline for the journalist: “Interview with Euler hacker Federico Jaime.”

He also said that his photo can be used.

He said he prefers to be an interview subject for “entertainment purposes.” He also expressed a desire to stop hackers who want to engage in foolish behavior.

DL News was unable to verify whether Jaime is the main perpetrator of the Euler attack. However, the on-chain information pointing to his social media accounts was sent from the wallet of the main attacker.

This at least indicates that he is speaking on behalf of the attacker.

DL News confirmed Jaime’s identity through access to his pre-Euler attack Github account, Instagram stories spanning a year, conversations with people who know him, and reports from Argentine media linking Jaime to another cryptocurrency theft case, with the photo used in the report matching the pictures on Jaime’s controlled accounts.

Jaime denied the Argentine accusations to DL News, and the companies and prosecutors involved did not respond to requests for comment.

Jaime referred DL News to his lawyer, Thibaut Rouffiac, to discuss the details of his arrest in France. When contacted by a man who confirmed his name as Rouffiac, he said, “I cannot discuss this case.”

Rouffiac said, “I don’t know and don’t care what he said,” referring to Jaime’s permission to contact him.

Chabaneix Avocats, a law firm in Madrid, described Rouffiac on its website as a criminal lawyer specializing in financial crimes and extradition cases in its international team.

“Did not anticipate all the consequences”

Jaime said that before successfully attacking Euler, he tried about 20 projects.

He told DL News, “I wanted to prove to myself as a hacker that I could exploit certain things in DeFi.

The amount of DeFi attacks every month

He said, “The problem, of course, is that I did not anticipate all the consequences. I did not anticipate that I would need a plan to return the funds afterwards.”

But why did he send the funds to Tornado Cash in the days following the attack? Using privacy tools so early on was seen as a signal that he may not intend to return the funds.

“Is it a big problem that I used Tornado Cash? Everyone is using Tornado Cash,” he said, refusing to elaborate further.

Arguing with Spanish Students

Jaime claimed that he discovered the vulnerability in Euler and was the main attacker, but he enlisted the help of a Spanish student to carry out the attack.

Jaime said that he encountered someone he referred to as an “advisor” on Discord, and they established contact by playing the video game “Counter-Strike”.

He refused to disclose the advisor’s name, stating that they only provided some advice, albeit “bad advice”.

However, on-chain data suggests that the advisor may have been more actively involved.

On March 25th, the main wallet of Jaime’s social media account, which was later revealed, sent approximately $100 million (half the value of Euler) worth of cryptocurrency to four newly created wallets. Jaime claimed that these four wallets belonged to the advisor.

About an hour after receiving the funds, one of the wallets sent a message on-chain to Euler, offering “a 15% reward in exchange for giving up the investigation into the hacker”.

A few minutes later, the same wallet sent another message, providing the same information but offering a “10% reward, just like before”.

Two days later, all four wallets started returning the funds to Euler.

He stated that after receiving the funds, his advisor tried to accuse him, and they had “arguments about many things”.

Jaime said that he didn’t know if the person received a bounty from Euler for providing information about him. Euler declined to comment.

He stated that no one else was involved in this attack.

“A Strange Coincidence”

From the beginning of the attack, many people demanded that Euler’s attacker refund the losses or donate to them.

But the attacker only responded to one person’s request. DL News confirmed in March that the recipient was an Argentine Ethereum developer named Santiago Sanchez Avalos.

“I really don’t know Santiago. It’s a strange, very strange coincidence,” Jaime said. “Actually, it’s interesting to find out that he is also Argentine.”

He said he might have “put him in a difficult position” because public attention turned to Avalos.

Euler Governance Token Price

“Really? No, I’m not the hacker,” Avalos told DL News at the time. “I believe he might have been moved by my message.”

Jaime said he was morally motivated to fulfill Avalos’ request.

“Stupid Mistake”: Sending Money to North Korean Hackers

Avalos, the victim of Euler, was not the only recipient of wallets related to the Euler attack.

On March 17th, the main attacker wallet sent 100 Ether to wallets associated with the $600 million Ronin Bridge attack.

Last April, the US Treasury Department designated the Lazarus Group behind the Ronin Bridge attack as an entity associated with the North Korean government. A week later, the Federal Bureau of Investigation identified Lazarus as the mastermind behind the attack.

“I didn’t know it was North Korea,” Jaime said. “I thought it was just someone like me.”

He said he gifted the attackers of Ronin Bridge with approximately $200,000 worth of Ether as “a hacker’s gift to another hacker” because he was impressed by the “bold attack” that surpassed all other DeFi attacks.

However, blockchain transactions are irreversible, and the funds have now flowed to North Korea.

Now, Jaime refers to it as “a foolish mistake.”

He refused to answer whether he is worried about being extradited to the United States.

“I have too much respect for the US government to talk about it in such a shallow way,” he said.

Euler’s Total Value Locked (TVL) is an indicator of investor deposits, which is currently around $76,000, compared to over $300 million before the attack. This attack has caused damage and deterred potential investors from using the protocol.

Euler plans to launch version 2 and a decentralized exchange called EulerSwap.

Jaime stated that once his own issues are resolved, he hopes to help Euler “recover to the previous TVL level.”

“Things should have been different,” Jaime said.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!


Was this article helpful?

93 out of 132 found this helpful

Discover more