On Thursday, March 28, a hack occurred on Prisma Finance, a decentralized lending protocol on the Ethereum network. The exploiter carted away about 3,257.7 ETH (equivalent to $11.6 million) via a flash loan attack on the protocol.
On Friday, March 29, the Prisma Finance hacker transferred some of the proceeds from the theft to crypto mixer Tornado Cash in multiple transactions. According to PeckShield, $2.7 million in ETH was moved in one transaction and $3.8 million in another.
What’s most interesting is the hacker sent an on-chain message barely six hours after the attack through one of the addresses linked to the heist, claiming they are a “white hat hacker.” And the exploiter has continued to send on-chain messages to Prisma Finance’s team since the theft occurred.
Was Prisma Finance ‘Sloppy’ In The $11.6 Million Loss?
In a series of on-chain messages, the exploiter criticized the team behind Prisma Finance for not catching the loophole in the protocol, which allowed the exploit to take place in the first place. The hacker also requested an online press conference in which the protocol’s team would reveal their identity while apologizing and appreciating their users and investors.
The attacker said in the message:
During that session, you must specifically present the mistake you made, which party audited the smart contract, and your plan to improve security in the future (what you would do before deploying a new contract, how you react when something you don’t expect comes, etc.).
The hacker also emphasized the need for users to be more careful in the decentralized finance (DeFi) industry and when interacting with various smart contracts. “I look forward to your online conference. After it happens, the amount I would keep and the amount that I can send to you would be discussed (stay assured, most of it would be returned), and the notes would be sent to your email,” the hacker added.
A particular accusation that caught the eye in the hacker’s latest message is that “no professional developers can easily make that mistake.” The attacker said that if they had not exploited the loophole in the smart contract, it could have been the “perfect backdoor” for the protocol’s team.
As of this writing, Prisma Finance has paused all operations on its protocol. Meanwhile, the total value locked (TVL) on the platform stands at about $85.65 million, down by 61% since the hack.
Crypto Hack Losses Witness Decline In 2024 Q1: Report
In a new report by Immunefi, the cryptocurrency industry suffered relatively fewer losses due to hacks and scams in the first quarter of 2024. Compared to 2023’s first quarter, the value lost to exploits and cyber attacks is down by 23%.
Total hack incidents in the first quarter of 2024 | Source: Immunefi
According to the blockchain security firm, approximately $336.3 million was lost to hacks and scams in the first quarter of 2024. Specifically, Immunefi identified 46 hacking incidents and 15 cases of fraudulent activities.
Furthermore, the report revealed that DeFi protocols are still the primary targets for cyber attackers, accounting for all the reported hack incidents in Q1. Notably, the cross-chain protocol Orbit Bridge suffered the largest exploit in the past three months, losing about $82 million on January 1.
Total cryptocurrency market cap at $2.581 trillion on the daily timeframe | Source: TOTAL chart on TradingView