- The Prisma Finance attacker has outlined conditions to be met before returning stolen funds
- One of the conditions is for the DeFi protocol team to publicly reveal their identitiesx
- The hacker said that he isn’t comfortable with returning the funds to anonymous individuals
A few days after disclosing that he was a white hat hacker and moving funds to Tornado Cash, the Prisma Finance attacker requested signs of good faith from the DeFi protocol’s developers before returning the funds. Among the conditions is for the Prisma Finance team to publicly dox themselves, something the attacker said will make him more willing to return the funds knowing the real faces behind the project. Another condition is for the team to apologize for making incriminating comments about the attacker, a demand that resembles that of the KyberSwap hacker who requested the KyberSwap team to be civil, not hostile.
Funds Moved to a Safer Place
In an on-chain message, the hacker disclosed that he moved the “funds to a safer place” and tasked Prisma Finance to explain whether its smart contract was “audited before it was deployed.” According to the exploiter, the questions are meant to raise awareness of the importance of contract audits and the need for developers to take their work seriously.
In its response, Prisma Finance failed to provide concise answers to the questions, something that angered the attacker. The hacker said the DeFi protocol’s team lacks sincerity, gratitude and remorse.
The hacker also lamented that the project considered his actions an “attack [or] exploit,” adding that the terms are misleading since he, as everybody else, adhered to the “terms of the smart contract [Prisma Finance] deployed.”
Hacker Not Yet Satisfied
Despite the DeFi platform disclosing that they removed the wording from their post-mortem report, the hacker isn’t satisfied that the protocol has “shown good faith.”
In collaboration with @PrismaRisk and @wavey0x, we are publishing a comprehensive post-mortem report on yesterday’s event. https://t.co/DljZSs3ssK
We are fully mobilized to retrieve users’ funds and we will keep you updated on next steps.
The most important action users can… pic.twitter.com/MUr1yqqBKX
— Prisma Finance (@PrismaFi) March 29, 2024
The hacker’s demands come five days after the Munchables exploiter returned over $60 million without conditions.
With Prisma Finance and the exploiter yet to agree, it may take time before affected users are made whole.