According to Etherscan data, the Curve Deployer 2 address (address starting with 0xbabe6) sent an on-chain message to the alETH pool attacker, asking them to return the stolen funds to the Alchemix multisig: address starting with 0x9e2b63.
Previously, the alETH pool attacker sent a message to the Curve contract deployment address saying, "Please confirm on Twitter that the address starts with 0xbabe61 to make sure we don't make a mistake." The attacker may return the funds.
