
KEY POINTS

  • The Prisma exploiter is linked to the Arcade_xyz hack, as per ZachXBT
  • He also revealed the exploiter's wallets were linked to a Telegram handle using "0x77" as an alias
  • Prisma lost over $11 million when the exploiter carried out a flash loan attack late last month

A well-known blockchain researcher in the cryptocurrency realm has published the "personal details" of hackers who exploited decentralized borrowing protocol Prisma Finance for $11 million late last month.

In a series of posts on X (formerly Twitter), prominent blockchain data researcher and analyst ZachXBT on Tuesday published details about the "multiple other exploits" that the Prisma hacker is allegedly associated with.

Prisma was exploited for over $11 million on March 28, when a hacker pulled off a flash loan attack that resulted in losses of 3,257 Ether (ETH). The exploiter later demanded a public apology from the protocol, saying it should be grateful for the supposed whitehat efforts and should take accountability for what the hacker said were "mistakes" committed by Prisma's developer team.

The exploiter also "began making outrageous demands and asked for a $3.8M (34%) whitehat bounty," which is much higher than the standard 10% that the industry usually offers to whitehats, as per ZachXBT. The on-chain data researcher also noted that Prisma's treasury already doesn't have enough assets to reimburse users, making the exploiter's demands a signal of extortion.

On-chain data reveals that the exploiter's address was funded through crypto exchange FixedFloat, and the source address was located on the Arbitrum network through timing analysis, ZachXBT said. ByBit withdrawals received by the hacker soon revealed "activity connected to them on Tron" with wallets "TGviNZ" and "TGdTG."

ZachXBT then found that the "TGviNZ" wallet was "funded by the Arcade_xyz exploit from March 2023 where the exploiter requested additional funds from the protocol." Upon further investigation, it was revealed that the Arcade team had been communicating with the exploiter, who used the alias "0x77" on Telegram.

ZachXBT found that the same hacker was linked to another exploit on the Pine Protocol in February, wherein the exploiter demanded 50% of the funds "and made additional unreasonable requests over email." Finally, the researcher found that the hacker's address was linked "to the deployer of @modulusprotocol." He added that "0x77 was one of the few followers of the project strengthening the connection between each incident."

Further analysis of the wallet connections was conducted with emails, the phone number and other details of the alleged hacker. "As of now all personal details have been compiled" and Prisma is currently pursuing "every legal avenue in Vietnam and Australia."

ZachXBT then urged the exploiter to return the millions in pilfered funds "and save everyone time before this gets much worse for them."

Prisma asked users to revoke delegate approval following the exploit. It cooperated with a "major security partner" to work on retrieving the stolen funds. The protocol was paused for over a week before going live again on April 7.