The exploiter of flash loans claims to have "no intention of keeping what is not ours" and want to "accord" with Euler Finance.

Euler Finance, an Ethereum-based lending platform, may be one step closer to retrieving cash lost in a $196 million flash loan incident last week, with private conversations now underway with the exploiter.

On March 20, days after delivering cash to a red-flagged North Korean address, the exploiter stated they now wish to "reach to an arrangement" with #Euler in an on-chain message.

"We want to make this easy on all those involved. We have no intention of retaining what is not ours. Establishing secure communication. "Let us reach a deal," the exploiter remarked.

Hours later, Euler replied with its own on-chain message, acknowledging the message and asking the exploiter to talk “in private,” stating:

“Message received. Let's talk in private on blockscan via the Euler Deployer address and one of your EOAs, via signed messages over email at contact@euler.foundation, or any other channel of your choice. Reply with your preference.”

Euler has previously attempted to reach an agreement with the exploiter following the exploit, demanding that they restore 90% of the monies they stole within 24 hours or face legal penalties.

There was no reaction, so Euler issued a $1 bounty prize for any information leading to the exploiter's arrest and return of the funds 24 hours later.

While the exploiter's identity is unknown, the current language used by the exploiter may indicate that more than one individual is engaged.

Chainalysis, a blockchain analytics firm, tweeted on March 17 that a recent 100 Ether (ETH) transfer to a wallet address associated with North Korea could indicate that the breach was carried out by the "DPRK" — the Democratic People's Republic of Korea.

Based on the firm, this could be an intentional attempt to mislead investigators.

Additional transactions from the exploiter's wallet address include 3000 ETH sent back to #EulerFinance on March 18, as well as cash sent to cryptocurrency mixer #TornadoCash and an alleged victim of the exploit.

On March 20, another address contacted Euler on-chain, claiming to have discovered a "solid string of connections" that could assist them in determining who and where the exploiter was.