The investigator claimed to be targeted as a suspect because they maintained a crypto security repo on GitHub.
Join us on social networks
The pseudonymous Twitter user and blockchain investigator Officer’s Notes believes they may have been a suspect in the $195 million Euler Finance hack. In an April 4 Twitter thread, the security researcher stated, “Seems like I was a suspect in this case, as usual.”
The Euler team has denied that Officer’s Notes was a suspect, claiming instead that the researcher was helpful in the investigation.
Officer’s Notes, also known as Officer_cia, is a security researcher, blogger and auditor for blockchain security firm Pessimistic, according to their Twitter bio. Their blog posts are featured on Pessimistic’s official website and contain in-depth explanations of crypto security topics. They also maintain the “Crypto Op Sec Self Guard” GitHub repo, which features privacy tools for crypto users.
In their Twitter thread, Officer’s Notes states that the Euler team woke them up “in the middle of the night,” asking for access data logs from the Op Sec repo, including IP addresses of people who have visited it. Officer’s Notes complied with the request after being told that “this data was crucial in the investigation.”
Officer’s Notes expressed remorse for handing out this information, seeing it as a violation of readers’ privacy:
The blogger stated they might have been seen as a suspect in the Euler hacking case but protested the notion because they were too busy to commit any such crime:
In a conversation with Cointelegraph, a representative from Euler stated that Officer’s Notes was never a suspect and that the team later thanked them for their help with the case:
Euler Finance was the victim of a flash loan exploit on March 13. Over $195 million worth of crypto was stolen in the attack. On March 20, the attacker attempted to open negotiations with the Euler team to return the stolen funds. On March 18, they posted an apology letter to the Ethereum network, saying, “I didn’t want to, but I messed with others’ money, others’ jobs, others’ lives. […] I’m sorry.”
The attacker returned all of the recoverable funds by April 4.