6 months ago
41 ARTICLE AD
Attacker transferred $2.5 million to Tornado Cash mixer
The self-labeled “white hat” hacker involved in the $11.6 million exploit of Prisma Financ is demanding unusual concessions before returning the stolen funds.
This hacker, one of multiple attackers in the recent exploit of liquid staking protocol Prisma Finance, sent the communication through an on-chain message. In the message, the hacker criticized the Prisma Finance core developers for not catching the smart contract vulnerability that led to the theft. Along with the criticism, the hacker demanded a public apology from the developers, adding that they should reveal their identities.
“I like to see your faces lying sincere words,” the hacker said. “I hope you could spend time thinking thoroughly and sincerely of what mistakes you made.”
Prisma Finance has since paused the protocol and published a post-mortem detailing the lack of input validation on a smart contract function that enabled the exploit. The team stated that retrieving user funds is their main focus, and unpausing the protocol will follow once all positions are deemed safe.
According to the published post-mortem report, the pause was done as a security measure to block out certain operations in the case of such an emergency. Functions such as opening new vaults, increasing collateral debt, and depositing into Prisma’s Stability Pools are disabled. Despite this, the developers from Prisma Finance assure their users that they may still withdraw collateral to minimize the risk of locked funds.
On-chain data analyzed by blockchain security firms Cyvers and Peckshield indicate the hacker began converting the stolen funds into Ether (ETH) shortly after the attack. Approximately 200 ETH, worth around $340,000 at the time of writing, was then sent to the cryptocurrency mixing service Tornado Cash, which has been sanctioned by the United States Treasury’s Office of Foreign Assets Control (OFAC).
The exploit has had a significant impact on Prisma Finance’s total value locked (TVL), a key metric for measuring the adoption and growth of DeFi protocols. Prior to the incident, Prisma Finance boasted a TVL of around $220 million. However, in the aftermath of the exploit, that figure has dropped dramatically to $87 million, as reported by DeFi data aggregator DefiLlama. This sharp decline in TVL underscores the severity of the attack and the potential loss of confidence among users and investors in the protocol.
The report also details that 14 accounts have yet to revoke the affected smart contract, with approximately $540,000 in collateral still at risk. The protocol’s total value locked has dropped from $220 million before the exploit to $87 million as of the time of writing.
The Prisma team has not yet publicly responded to the hacker’s demands, nor have they responded within the thread of the on-chain message.
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing's own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
