This article is more than six months old

A 20-year-old Argentinian behind the $200m Euler hack says he’s now in a Paris jail

A 20-year-old Argentinian behind the $200m Euler hack says he’s now in a Paris jail
Euler Finance, a DeFi lending protocol developed by UK-based Euler Labs, lost $200 million to an exploit in March. The exploiter returned the majority of funds by early April.
  • A man claiming to be behind the $200 million Euler Finance hack says he’s now in a Paris jail.
  • The man, who says his name is Federico Jaime, said he enlisted the help of a student in Spain to exploit Euler, but later infighting broke out.
  • Jaime said his adviser attempted to snitch on him, and that they were “in quarrels.”
  • He said his intention was to return the funds to Euler and defended his use of Tornado Cash.

A few weeks ago, DL News made contact with a 20-year-old Argentinian named Federico Jaime, who says he’s behind March’s $200 million Euler Finance exploit.

By phone and by Telegram, he reveals to DL News a winding and sometimes confusing — even contradictory — narrative. He says he is calling from a French prison after an arrest at a Paris train station in May for travelling with €200,000 in cash.

It’s just a “small money-laundering case” he’s going through in France right now, Jaime said. It’s very separate from his $200 million feat of the Euler protocol back in March.

Jaime said the cash he carried was a mix of his proceeds from an online IT business he runs with his father, and some from $2 million in cashed-out cryptocurrency that he says Euler allowed him to keep.

Stay ahead of the game with our weekly newsletters

NOW READ: Euler hacker returns $176m of stolen funds amid ‘ongoing’ negotiations

The Euler team’s reasoning, Jaime said, was that they figured the $2 million or so worth of Ether was tainted because it passed through a coin mixer called Tornado Cash. The US government sanctioned Tornado Cash last year, and one of its developers is facing money-laundering charges in the Netherlands.

Jaime may face charges more serious than holding a few hundred thousand euros.

Euler Finance, a DeFi lending protocol developed by UK-based Euler Labs, lost $200 million in cryptocurrencies on March 13 after Jaime — if he is the main hacker as he claims — exploited a vulnerability in its code, making the investor deposits flow to his wallets.

Join the community to get our latest stories and updates
Euler's total value locked, a metric for investor deposits in DeFi

Euler declined to comment for this article. On April 4, Euler said that the hacker returned “all of the recoverable funds.”

Jaime confirmed he gave most of the money back, but said on March 17 that he unwittingly sent $200,000 in Ether to Lazarus Group — a state-sponsored North Korean crime syndicate sanctioned by the US Treasury.

‘The problem is, of course, that I did not foresee all the consequences.’

Over two weeks of conversations, Jaime explained why he exploited Euler, and why he then decided to publicly link himself to the crime; why he is so eager to speak to the media about his situation; and how the transfer of funds to North Korea was a “stupid error.”

The man behind the exploit?

Jaime said he is being held in a minimum security prison in Nanterre, the Parisian suburb shaken by riots after 17-year-old Nahel Merzouk was shot by police.

France’s prisoner database isn’t public. The prison administration didn’t return requests for comment.

For someone who was involved in a $200 million DeFi exploit, Jaime is unusually forthcoming.

“If you publish this interview, don’t worry about putting my name in it, by the way,” he told DL News, suggesting a headline idea: “Interview with Euler’s hacker: Federico Jaime.”

His photos may also be used, he said.

He said he prefers to be the subject of an interview that’s “entertaining for the public.” (Crypto news site Coinage ran an interview with Jaime on June 30.) He said he also wants to deter wannabe hackers from doing stupid things.

DL News is unable to verify Jaime is the main Euler exploiter. But the on-chain messages pointing to his social media accounts were sent from the main exploiter wallet.

It suggests he is at the very least someone who is speaking on behalf of the exploiter.

NOW READ: Indexed Finance hacker now says he’s a whitehat

DL News corroborated Jaime’s identity through his demonstrated access to a Github account predating the Euler exploit; his Instagram stories spanning over a year; conversations with a person who knows him; and reporting in the Argentinian press linking Jaime to a separate crypto heist, which used photos that match images on accounts Jaime controls.

Jaime denied the Argentinian allegations to DL News , and the company and prosecutor involved didn’t respond to requests for comment.

‘I don’t know and I don’t care what he said.’

Jaime referred DL News to his lawyer, Thibaut Rouffiac, to discuss details of his arrest in France. When contacted, a man who confirmed his name as Rouffiac said he “can’t speak about this case.”

“I don’t know and I don’t care what he said,” Rouffiac said, referring to Jaime’s permission to contact him.

Chabaneix Avocats, a Madrid-based law firm specialising in financial crime and extraditions, describes Rouffiac on its website as a criminal lawyer on the firm’s international team.

‘Didn’t foresee all the consequences’

Jaime said he’d reviewed about 20 projects before he hit the Euler jackpot.

“I wanted to prove to myself that I could exploit something in DeFi as a hacker,” he told DL News.

Monthly sum of DeFi exploits

“The problem is, of course, that I did not foresee all the consequences. I didn’t foresee that afterwards I would need a plan to return the funds.”

But why send funds to Tornado Cash in the days immediately following the hack? The use of a privacy tool so early on was seen as a signal that he may not have intended to return the money.

NOW READ: ‘Not over yet’: Tornado Cash attack rages on with $1m in jeopardy

“Is it a huge problem that I used Tornado Cash? Everyone uses Tornado Cash,” he said, declining to elaborate.

Infighting with student in Spain

Jaime said he found the vulnerability in Euler himself and is the main exploiter, but enlisted the help of a student in Spain to help him exploit it.

Jaime said he met a man he dubbed an “adviser” on Discord, where they built rapport by playing the video game “Counter-Strike.”

He declined to give the adviser’s name, saying he wasn’t involved beyond providing advice, “even though it was bad advice.”

NOW READ: MakerDAO members set to approve controversial ‘whistleblower bounty’ to enforce anonymity

On-chain data suggests the adviser may have been more actively involved, however.

On March 25, the main wallet that later published Jaime’s social media accounts sent about $100 million — half of the value extracted from Euler — worth of cryptocurrencies to four freshly-created wallets. Jaime said all these four wallets belong to the adviser.

About an hour after receiving the funds, one of those four wallets sent an on-chain message to Euler offering to “give up every fucking thing about the hacker for 15%.”

Minutes later, another message came through from the same wallet, this time offering the same information for “10% like offered.”

Two days later, all four wallets began sending the funds back to Euler.

He said his adviser attempted to snitch on him after receiving the funds, and that they were “in quarrels about many things.”

Jaime said he doesn’t know whether the person received a bounty from Euler in exchange for information about him. Euler declined to comment.

He said there was no other person involved in the exploit.

‘A strange coincidence’

From the first moments of the hack, many asked the Euler exploiter to refund losses or to donate money to them.

But the exploiter answered only one person’s call. DL News identified the receiver in March as an Argentinian Ethereum developer called Santiago Sanchez Avalos.

NOW READ: Euler hack victim who got 100 ETH: ‘He was probably moved by my message’

“I truly don’t know Santiago. It was a strange, very strange coincidence,” Jaime said. “In fact, I was amused to discover he was also Argentine.”

He said he may have “put him in a bad position,” as public attention turned to Avalos.

The price of Euler's eponymous governance token

“Seriously? No, I’m not the hacker,” Avalos told DL News at the time. “I believe he was probably moved by my message.”

Jaime said he was “morally motivated” to honour Avalos’ request.

North Korea ‘error’

Euler victim Avalos wasn’t the only recipient of funds from the wallets linked to the Euler exploit.

On March 17, the main exploiter wallet sent 100 Ether to a wallet connected to the $600 million Ronin Bridge exploit.

In April last year, the US Treasury designated Lazarus Group, the cyber gang behind the Ronin bridge hack, as a North Korean government-linked entity.

One week later, the Federal Bureau of Investigation said Lazarus was behind the attack.

“I didn’t know it was North Korea,” Jaime said. “I thought it was just some guy like me.”

NOW READ: North Korea accelerates nuclear missile programme with ‘treasure sword’ — $1.7bn from crypto heists

Jaime said he sent about $200,000 worth of Ether to the Ronin bridge exploiter as a gift from “one hacker to another hacker,” impressed by the “audacity of the heist” which topped all other DeFi exploits.

‘I thought it was just some guy like me.’

But blockchain transactions are irreversible, and the funds are now with North Korea.

Now, Jaime calls it “a stupid error.”

He declined to answer whether he fears extradition to the US.

“I have too much respect for the US government to talk about it in such a superficial way,” he said.

Euler’s total value locked, a metric that measures investor deposits, is around $76,000, down from just over $300 million before the exploit. The hack has done damage — spooking potential investors from using the protocol.

Euler has plans to launch a v2 — a newer version — and a decentralised exchange called EulerSwap.

Jaime said he wants to help Euler “get back to its previous TVL” once he has dealt with his own problems.

“Things should’ve gone differently,” Jaime said.

Update, July 28: Amended to say that Federico Jaime “reviewed” and not “went through” about 20 DeFi projects before finding a vulnerability in Euler.