Ethereum-based noncustodial lending protocol Euler finance is making an attempt to chop a cope with the exploiter that stole thousands and thousands from its protocol, demanding the hacker returns 90% of the funds they stole inside 24 hours or face authorized penalties.

The platform was exploited for $196 million on March 13 and Euler Labs despatched its ultimatum to the flash loan attacker by transferring them 0 Ether (ETH) with an hooked up message on March 14:

“Following up on our message from yesterday. If 90% of the funds are usually not returned inside 24 hours, tomorrow we’ll launch a $1M reward for info that results in your arrest and the return of all funds.”

The specter of legislation enforcement comes as Euler sent the hacker a way more civil message the day earlier than.

“We perceive you might be liable for this morning’s assault on the Euler platform,” it learn. “We’re writing to see whether or not you’ll be open to talking with us about any potential subsequent steps.”

The request for a 90% fund return would see the hacker ship again $176.4 million whereas holding onto the remaining $19.6 million.

Nevertheless, many observers have famous that the hacker has little or no to no incentive to observe by means of with the deal.

“If I used to be the hacker I’d merely say “to anybody who manages to trace me down, I offers you $2 million to not inform Euler,” one observer said.

“Yeh he has 200 Million they’ve 2 Million. He wins in a bidding struggle”, one other Twitter consumer wrote in response.

Euler Labs mentioned they’re already working with legislation enforcement in america and the UK together with partaking blockchain intelligence platforms Chainalysis, TRM Labs and the broader Ethereum neighborhood to assist observe down the hacker.

Associated: DeFi protocol Platypus suffers $8.5M flash loan attack, suspect identified

The lending platform added it was capable of promptly stop the flash loan attack by blocking deposits and the “weak” donation operate.

As for the exploited code, the workforce defined the vulnerability “was not found” in its good contract audit, which existed on-chain for eight months till it was exploited on March 13.