Home
News
Prisma Finance’s hacker called the $11.6 million exploit a “whitehat rescue” after proceeding to exchange the stolen funds for ETH.
On March 28, the DeFi protocol Prisma Finance was targeted by hackers who exploited it for around $10 million worth of cryptocurrencies. The first to detect the anomaly was on-chain security alert provider ‘Cyvers’, who reported that they had detected multiple suspicious transactions that were still ongoing, with a total loss of about $9M.
How did The Hacker Steal the Money?
The attacker was found to have been funded by username_2. Cyvers detected another fraudulent transaction of $1 million shortly after the initial alert. This transaction brought the total amount of exploited funds to nearly $10 million.
However, ($Prisma) Finance immediately announced that its core engineers and contributors would pause the protocol and investigate. DefiLlama announced that Prisma, a decentralized liquid staking token protocol, currently has more than $222 million in total value locked (TVL).
After carrying out the initial exploit, the attacker proceeded to swap the stolen funds to Ether, as per Cyvers. The attack is ongoing, as on-chain security firm PeckShield reported in a March 28 X post at 12:28 p.m.
UTC. PeckShield’s post also showed that other scammers are trying to benefit from the exploit. Upon closer inspection, it can be seen that the fraudulent account has no connection to Prisma Finance.
Hacker Claimed To Be On the Friendly Side
The message was sent six hours after the hack and came from the address “0x2d4…7507a,” previously identified as one of three addresses linked to the attack. ($Prisma) Prisma Finance responded to the message about two hours later, asking the exploiter to contact them at [email protected].
The Hacker then claimed the attack was a “whitehat rescue” and exchanged the stolen funds for Ether (ETH). PeckShield later observed that about 200 Ether was transferred to OFAC-sanctioned cryptocurrency mixer Tornado Cash.
Friendly But Not Friendly
In cybersecurity, a “white hat hacker” refers to someone who uses their hacking skills to identify security vulnerabilities in software code. Moreover, the issue is often reported to the creator of the attack vector instead of exploiting it.
Hackers in the cryptocurrency industry frequently take advantage of the protocol and request a “white hat bounty” to gain immunity. On the contrary, there have also been instances where stolen funds were returned without any reward.
Actions By Prisma Finance
Prisma Finance engineers have since stopped the DeFi protocol while the firm continues investigating the attack’s root cause. Following the incident, Prisma Finance’s total value locked decreased from $220M to $115M, and the PRISMA token fell 30%, but it has since recovered.
Growing Scams in the Crypto Industry
The crypto hacks continue to undermine the industry’s legitimacy, with over $200 million worth of crypto lost to hacks and rug pulls in 2024. Additionally, across 32 individual incidents up to the end of February, according to blockchain security firm Immunefi.
According to a December 28 report by a research firm, a total of $1.8 billion was lost to crypto hacks and scammers in 2023. Additionally, 17% of the loss was attributed to the North Korean Lazarus Group.
Summary
Prisma Finance, a DeFi platform, was hacked, resulting in the theft of $10 million worth of cryptocurrencies. The attacker exchanged the stolen funds for Ether (ETH) and claimed it was a “whitehat rescue.” Over $200 million worth of crypto was lost to hacks and rug pulls in 2024.
Disclaimer
The views and opinions stated by the author or any people named in this article are for informational purposes only. They do not establish financial, investment, or other advice. Investing in or trading in stocks, cryptos, or other related indexes comes with a risk of financial loss.
Andrew is a blockchain developer who developed his interest in cryptocurrencies while pursuing his post-graduation major in blockchain development. He is a keen observer of details and shares his passion for writing, along with coding. His backend knowledge about blockchain helps him give a unique perspective to his writing skills, and a reliable craft at explaining the concepts such as blockchain programming, languages and token minting. He also frequently shares technical details and performance indicators of ICOs and IDOs.
