Less than six hours after stealing almost $12 million from the DeFi protocol Prisma Finance, the hacker contacted the team and proposed returning the funds. However, he has asked for a ransom for his “white hacking” activity and is asking who to contact to refund the funds.
The term white hat literally means “white hat hacker”, but in the world of technology, it refers to a hacker who tries to find security vulnerabilities. It differs from the “black hat”, which is the hacker who carries out attacks with the aim of stealing funds or damaging a system.
In other words, the hacker claimed that his goal was to identify errors in Prisma Finance, something he was successful at. Now, the hacker is asking for a reward for the “help”.
Hacker asks for reward to release funds
Six hours after the Prisma Finance attack, the attacker sent a message claiming it was a “white hat rescue” aimed at helping the platform. However, the message recorded on the Etherscan platform did not contain access data for the stolen funds.
On the other hand, the attacker asked how to return the funds to the protocol using the address “0x2d4…7507a”. According to security company PeckShield, this is one of the addresses linked to the attack.
In response, about two hours later, Prisma Finance provided contact information for trading. But before getting in touch, the hacker hid the source of the funds through the Tornado Cash mixer.
According to PeckShield estimates, the hacker stole around 3,200 ETH and sent the amounts to three separate addresses. What he proposes is to use one of these addresses to return all the stolen money.
With good intentions…
Despite the claim of good intentions, blockchain security firm Cyvers mentioned that the attacker exchanged the stolen funds for Ether (ETH) shortly after the message. PeckShield also later detected a transfer of around 200 Ether to Tornado Cash.
The mixer received sanctions from US authorities for alleged links to other attacks in the past. Hackers often use Tornado Cash to hide transactions and funding sources.
In response to the attack, Prisma Finance halted its DeFi protocol and is still investigating the cause. The change impacted the platform, with the total value locked (TVL) dropping from $220 million to $107 million, according to DeFi Llama.
Hackers, not frauds
According to Immunefi, a web3 security company, in the first months of 2024, hackers have already stolen more than US$200 million in cryptocurrencies through scams. During this period there were 32 individual incidents, practically one attack every two days.
In 2023, there was a total loss of US$1.8 billion due to hacks and scams, with 17% linked to the North Korean group Lazarus.
Most of the funds lost were due to hacker attacks and not fraud. Just $103 million was lost to clearly identifiable fraud schemes like rug pulls, while more than $1.6 billion was lost to hacking attacks.
Of these losses, $1.3 billion occurred in protocols claiming to be decentralized, while just $409 million was lost in centralized finance (CeFi) protocols.
In response to these developments, the Prisma governance token (PRISMA) suffered a 30% drop to $0.244 following news of the attack.
Source: https://www.criptofacil.com/hacker-do-prisma-finance-pede-resgate-para-devolver-fundos/
