Subsequently, the assailant transferred $2.5 million via Tornado Cash. A concerned white-hat hacker requests an apology.
Before returning the stolen monies, the self-proclaimed “white hat” hacker who was engaged in the $11.6 million Prisma Finance vulnerability is requesting unusual concessions.
This hacker, along with others, issued the message using an on-chain message during the recent assault on the Prisma Finance liquid staking protocol. The perpetrator of the attack blamed the core developers of Prisma Finance in the message for failing to detect the smart contract flaw that enabled the theft. The hacker also asked that the devs publicly apologize and expose their names in addition to the criticism.
After pausing the protocol, Prisma Finance released a post-mortem that explained how the attack was possible due to a smart contract function’s lack of input validation. The team has said that their primary objective is to recover customer cash. Once all positions are determined to be safe, the protocol will be uncaused.
The post-mortem study states that the stop was implemented to prevent certain procedures in the event of an emergency. New vault openings, increased collateral debt, and deposits into Prisma’s Stability Pools are not possible at this time. Regardless, Prisma Finance’s creators reassure customers that they may still withdraw collateral to lessen the likelihood of locking cash.
Cybersecurity companies Cyvers and Peckshield examined on-chain data and found that the hacker started turning the stolen money into Ether (ETH) not long after the incident. Tornado Cash, a cryptocurrency mixing service sanctioned by the US Treasury’s Office of Foreign Assets Control (OFAC), received over 200 ETH, or about $340,000 at the time of writing.
One important statistic for gauging the growth and acceptance of DeFi protocols, Prisma Finance’s total value locked (TVL), has been significantly affected by the attack. Approximately $220 million was Prisma Finance’s TVL before the event. According to DefiLlama, a data aggregator for DeFi, that number has fallen sharply to $87 million since the attack. The significant drop in TVL highlights how serious the hack was and how users and investors may lose faith in the protocol.
Also Read: A Russian License for Tinkoff to Issue Digital Assets Issued April 1, 2024
Wallets