Euler was hacked over 2 weeks ago for $205M.
After draining the platform, the Euler Exploiter has been sending funds to their own victims, Euler's Team, and even the Lazarus Group from North Korea.
Here's a complete timeline of events as they stand currently: 

Twitter

Vida: Born after 2000, founder of Equation News, specializing in algorithmic trading. He once shared his story of earning tens of millions of US dollars in the crypto market.

Background: At 01:23 AM Beijing time on January 1, 2026, Equation News detected that a market maker's Binance account was highly suspected of being compromised. Potential attackers were suspected of using approximately $10 million to $20 million in funds from this account to manipulate the price of the BROCCOLI714-USDT trading pair on the Binance spot market.

The following is Vida's recap of the entire process: Prerequisites and Infrastructure:

- ...

Earning a million at the start of 2026: "God of War" Vida recounts the entire trading process of the BROCCOLI714 incident.

Ethereum founder Vitalik Buterin discussed the network’s technical development and long-term goals in his assessment for 2025.
Buterin noted that significant progress has been made in the Ethereum eco...

Ethereum Founder Vitalik Buterin Makes His Assessment of the Year 2025! Here Are the Details

【FIL】Price and Volume Fluctuation Alert
Monitoring Information: Volume increased by more than 3.3 times in the 15-minute timeframe
Alert Price: 1.465
Price Fluctuation: Up 5.02%

Followin Level 2 Anomaly Alert: 【FIL】Price and Volume Fluctuation Alert

Here's a brief timeline of events to summarise.
After the assets were taken and swapped to ETH/DAI, they were gathered in the Holder address, a total of $205M.
$162M ETH
$43M DAI
Of this, 8K ($12.9M) ETH was held in a different wallet, 0xB26.
This ETH has since not moved. 

100 ETH is immediately sent through Tornado Cash, presumably for testing.
3 days later on the 16th, 1000 more ETH are sent through Tornado Cash.
A further 2500 ETH ($4.3M) are deposited to the hacker's dedicated Tornado Cash address, but not sent through the Tornado Router. 

After this, the hacker's odd behaviour begins - first sending 100 ETH to an Euler user who had lost 86ETH in the hack.
Following this, they sent 100 ETH to the North Korean Lazarus Group, who then attempted to drain the hacker's address using a fake decryption tool. 

The Exploiter began to return ETH to the Euler Deployer address - first 3K ETH across 3 individual transactions - before sending a flurry of on-chain messages claiming that he wanted to return most funds.
A week later, the hacker returned a single massive transaction of 51K ETH. 

Next, the Euler Exploiter established 4 different "Child Addresses" - each holding around 7.7K ETH and 10M DAI.
Over the past few days, the 31K ETH sent to these addresses, as well as 30M DAI gradually all made their way to the Euler Team's Multisig. 

Only 12M DAI still resides in the address marked "Tertiary".
The hacker appeared to be panicking over the past 14 hours, sending multiple on-chain messages claiming to be named "Jacob" and regretting his actions, as well as promising swift return of the funds. 

Currently, the hacker holds:
$18.35M of ETH
- 8K ETH in the Main Caller address
- 2.5K ETH in the Tornado Cash address
$13.1M of DAI
- $12M in the Euler Tertiary account
- $1.1M held across Child 1 and 2
They have returned 85K ETH and 30M DAI.
That is $177M, 86% of the total. 

Additionally, they have also:
Sent 1100 ETH through Tornado Cash ($1.9M)
Sent 100 ETH to the North Korean Lazarus Group
Sent 100 ETH to a single affected user, 0x2Af.

We hope this can all come to an amicable conclusion.
Join our discord for more reporting:
http://discord.gg/arkham