A hacker responsible for an $11.6 million breach at Prisma Finance has outlined conditions for returning stolen assets. The hacker insists on an online conference in which team members would reveal their identities and address past mistakes. Despite the skepticism of the community and the use of tools to mix cryptocurrencies, the hacker assures that the stolen funds will be returned.
A white hat hacker (or ethical hacker) recently breached the Prisma Finance decentralized protocol, making off with $11.6 million. The hackers’ actions of this type aim to reveal the vulnerabilities and security gaps in digital protocols. This encourages developers to be more attentive.
The antithesis of these are the black-hats, who are malicious and their activities turn them into criminals. Thus, when a protocol receives a black hat attack, it is a theft. In that sense, it is unlikely that the funds will be recovered. A white hat attacker usually returns the funds, but leaves some penalty.
The latter was precisely the case with Prisma Finance. The attacker violated the protocol and without any restrictions extracted $11.6 million from the app’s clients. Although the attacker sent the funds to Tornado Cash (something criminals typically do), he later claimed to be a white hat.
In his contact with the protocol, the anonymous attacker promised to return the funds in exchange for a penalty, which consists of the protocol founders revealing their identity in a live broadcast and apologizing to their users and investors.
Hacker Shares Conditions to Return Prisma Finance Funds
The Prisma Finance hacker’s pressure measure aims to expose the irresponsibility of the developers. Consequently, the team behind the project will have to publicly acknowledge its laxity in monitoring security.
On the other hand, the attacker asked the protocol board not to make any accusations against him. Furthermore, they are obliged to stop their aggressive and accusatory language against them within 24 hours. Until now, those responsible for the protocol maintain that they are victims of a hacker.
He also wants the team to address past mistakes, reveal the smart contract auditor and present plans to improve security measures. Additionally, Prisma Finance must also inform the community about contract deployment strategies and emergency response protocols.
The hacker also expressed displeasure with terms like “exploit” and “hack” in the post-mortem audit. He emphasized that the illicit transactions complied with the terms of the smart contracts agreed to by all parties:
“You cannot agree on something with others and then judge that it is wrong or true. There are no human rights. They should have been more careful before deploying their contract. I hope this helps people be more careful when participating in DeFi, makes teams more responsible, and changes everyone’s mind about these kinds of things.”
More about Prisma Finance’s Hacker
The hacker’s method of exploiting the Prisma Finance vulnerability was through a malicious contract. The funds he received came from FixedFloat and he then applied the contract to extract the $11.6 million.
The hacker refuted accusations of malicious intent and further urged Prisma Finance to retract the allegations within 12 hours. Despite these demands for the return of stolen funds, the cryptocurrency community questions the hacker’s white hat status.
He has used the OFAC-sanctioned Tornado Cash cryptocurrency mixing tool to obfuscate his transactions. Blockchain security company Peckshield reported that addresses belonging to the hacker moved more than 1,000 ETH through the mixer.
By Audy Castaneda
