- The Prisma attacker has connections with previous hacks in two web3 protocols.
- Attacker initially claimed the attack to be a "white-hat rescue" before depositing the stolen funds to sanctioned mixer Tornado Cash.
- The Prisma team has begun leveraging legal avenues in Vietnam and Australia to apprehend the attacker.
In an X post on Tuesday, popular on-chain analyst @ZachXBT revealed key information that could lead to the potential apprehension of the attacker who hacked Prisma Finance on March 28.
Prisma attacker’s offer to return stolen assets
On March 28, DeFi protocol Prisma Finance suffered an attack on one of its smart contracts, resulting in a loss of 3257 ETH worth $11.1 million at the time. Prisma Finance, which claims to be a liquid staking token-powered stablecoin solution, immediately halted its protocol after the hack, ordering users to revoke access to the smart contract.
The attacker initially enquired about returning the funds through a series of on-chain messages, claiming the hack to be a "white-hat rescue."
A white-hat hacker acts ethically by finding vulnerabilities in computer code and reporting them to the owners. However, in the crypto space, grey-hat hackers search for vulnerabilities, exploit them, and ask for bounties before returning the funds.
3/ At first the attacker communicated with the Prisma deployer the attack was whitehat.
Later that day all of the funds were deposited to Tornado Cash contradicting that statement.
The exploiter began making outrageous demands and asked for a $3.8M (34%) whitehat bounty
This… pic.twitter.com/vFdJCJM5mz
— ZachXBT (@zachxbt) April 16, 2024
Investigations provide a ray of hope for Prisma
An investigation by @ZachXBT revealed that the attacker used an Arbitrum address, a Tron address, and Bybit.
The same attacker was connected to hacks of Pine Protocol at the beginning of the year and Arcade_xyz last year.
@ZachXBT's further investigation revealed the hacker's potential name to be "Trung" with the X account @Ox77wn.
9/ Further analysis was conducted with the phone number, emails, and other details of the alleged exploiter.
From their posts on X it is clear they have a strong technical background.
As of now all personal details have been compiled and the Prisma team is pursuing every… pic.twitter.com/GvQIbXbxdG
— ZachXBT (@zachxbt) April 16, 2024
Prisma resumed operation on April 6 after it claimed to have carried out a security audit.
This comes after a convicted decentralized exchange hacker was sentenced to 3 years in prison after stealing $12 million worth of crypto assets.
Crypto attacks and rug pulls in Q1 2024 reached about $336.3 million, according to bug bounty platform ImmuneFi.