ARTICLE AD
Before the $11 million exploit, Prisma Finance had around $220 million in total value locked (TVL) on the platform. However, the figure took a hit after the attack, bringing its TVL to just $115 million.
The identity of the hacker who stole millions of dollars from the decentralized finance (DeFi) protocol Prisma Finance has been uncovered after weeks of investigation. In a series of posts on the social media platform X, blockchain investigator ZachXBT said he had identified the Prisma Finance hacker by the wallet address 0x77 (or Trung).
Bursted
ZachXBT’s investigations discovered that the hacker’s wallets were funded on-chain through FixedFloat, an automated exchange designed to conceal users’ identities. Unlike other exchanges, the platform does not require Know-Your-Customer (KYC) verifications.
Using timing analysis, the blockchain sleuth traced the source of the funds to Arbitrum, a layer-2 scaling solution built on the Ethereum ecosystem.
4/ On-chain the exploiters address was funded via FixedFloat.
Using timing analysis the source address was then located on Arbitrum.
0xd71f1590ad9008056d5d079835bdf5044c0b81fa
2000 USDT source transaction at 11:13 am UTC…
— ZachXBT (@zachxbt) April 16, 2024
Through the same timing method, the crypto detective also found that the Prisma Finance attacker’s address was connected to withdrawals on the TRON blockchain as well as Bybit.
ZachXBT’s investigation also linked the hacker to other exploits in the industry, including the Arcade_xyz hack in March 2023 and the Pine Protocol exploit in February of this year.
Additionally, the crypto sleuth also found that the Prisma Finance hacker has connections with another known exploiter on Telegram with the pseudonym 0x77 who is still active on the social media platform.
6/ I found TGviNZ funded by the Arcade_xyz exploit from March 2023 where the exploiter requested additional funds from the protocol.
Arcade exploiter
0x807350917efa87fb15ed7eb0952635cdf1c13366
Further investigation revealed the team had been in contact with the exploiter who… pic.twitter.com/nDXr5T1dmH
— ZachXBT (@zachxbt) April 16, 2024
Whitehat Hacker with Dark Intentions
On March 28, 2024, Prisma Finance suffered an exploit that resulted in the loss of approximately 3,257.7 Ethereum (ETH) worth around $11 million at the time.
Initially, the hacker claimed the attack on the liquid staking protocol was a “whitehat rescue” looking to identify vulnerabilities on the platform to help the protocol strengthen its security.
Blockchain analytics firm Etherscan made a post supporting the claim. The company said the attacker had already sent an on-chain message to inquire about how to return the stolen funds using this wallet address “0x2d4…7507a”, which was previously identified as one of the addresses used in the attack on Prisma Finance.
Upon seeing the message, Prisma Finance responded with contract information for negotiations. However, the hope of returning the asset vanished when blockchain security firm Cyvers disclosed that the hacker had already exchanged the stolen funds for another token.
Another crypto security company discovered that the hacker sent approximately 200 Ether from the loot to the OFAC-sanctioned digital asset mixer Tornado Cash.
The move confirmed that the attack on Prisma Finance was not a “whitehat rescue” as claimed.
32 Crypto Projects Exploited in 2024
Before the $11 million exploit, Prisma Finance had around $220 million in total value locked (TVL) on the platform. However, the figure took a hit after the attack, bringing its TVL to just $115 million.
Additionally, the protocol’s native token PRISMA suffered a 30% drop to $0.244 following the news of the attack. Although, according to CoinGecko, the digital asset has already recovered.
Meanwhile, the attack on Prima Finance is one of the many in the crypto industry as hackers continue to exploit and hinder the growth of the DeFi sector.
Four months into 2024 bad actors have already stolen more than $200 million worth of digital assets in the industry. According to Web3 security firm Immunefi, the losses were either caused by rug pulls, hacks, and exit scams on 32 different projects.
Last year, more than $1.8 billion was wiped out from the crypto industry due to hacks and scammers, and 17% of the attacks were linked to the notorious North Korean Lazarus Group.