- The Prisma Finance hacker has expressed interest in returning stolen funds a few hours after siphoning them
- Prisma Finance is yet, however, to reveal any ongoing talks with the malicious actor
- The hacker has started transferring the loot into different wallets
Two days after the Munchables NFT game exploiter returned over $62 million of stolen funds without conditions, the Prisma Finance hacker has indicated intentions to follow in the same footsteps. In an on-chain message, the hacker requested contact details of the DeFi platform, saying that the attack was “a whitehat rescue.” Although Prisma Finance is yet to reveal any ongoing talks with the hacker, the attacker has started moving the loot into different wallets raising questions about whether he actually intends to return.
Over $3 Million Sent to Tornado Cash
According to blockchain security firm PeckShield, the exploiter has transferred over $11 million worth of ETH to three wallets. The hacker then transferred roughly 1,000 ETH worth around $3.5 million to the crypto-mixing platform Tornado Cash.
#PeckShieldAlert The @PrismaFi exploiter labeled address 0x57f7 has just transferred another ~800 $ETH to #TornadoCash pic.twitter.com/J0KxxVTuNC
— PeckShieldAlert (@PeckShieldAlert) March 29, 2024
Over 10 hours after the DeFi platform provided the hacker with an email address, the attacker hasn’t sent another on-chain message and neither has Prisma Finance updated its users on any negotiations.
Prisma Finance however revealed that they’re investigating the incident and will mount “attempts to retrieve funds.” Although it said that the protocol had been paused and “remaining funds are safe,” it asked users to “disable delegate approval” to mitigate further risks.
Following the exploit affecting a number of users individual vaults, Prisma Protocol has been paused by the emergency multisig and remaining funds are safe. mkUSD and ULTRA, as stablecoins, are overcollateralized and are not at risk.
Further steps will include:
– Post Mortem
-… https://t.co/5hCptyuP9q— Prisma Finance (@PrismaFi) March 28, 2024
ParaSwap Refunds Hack Victims
The hack comes three days after DeFi network ParaSwap started refunding users affected by a recent smart contract exploit. It also comes a few days after Blast-based game SSS lost over $4 million in an exploit.
With the hacker moving the funds into OFAC-sanctioned platform Tornado Cash and with no reported ongoing negotiations with the Prisma Finance team, the chances of recovering the funds are slim.