Computer Hacker
Prisma Finance's hacker claims it only wants the protocol's development team to be held accountable and take responsibility for mistakes committed that made the system vulnerable to cyberattacks. TheDigitalArtist/Pixabay

KEY POINTS

  • The hacker demanded that Prisma show sincerity, gratitude and remorse for its 'mistakes'
  • Prisma questioned the hacker's motives for delaying the return of funds and discussing a bounty
  • The attacker said users should rest assured it was a whitehat attack that sought to hold developers accountable

A wallet connected to the multi-billion-dollar flash loan attack of liquid staking protocol Prisma Finance has demanded that the team behind the crypto firm reveal themselves, make a public apology, and be grateful for the hacker's supposed whitehat efforts.

In a string of on-chain messages to Prisma Finance over the weekend, the hacker demanded answers regarding the protocol's next steps following the attack that resulted in $11.6 million in losses. "I'm not doing this for anything but to raise better awareness on serious contract audits, on developers attitudes towards their work, and on projects responsibility," the wallet owner clarified.

Prisma responded, telling the attacker that it appreciates the efforts developers make in ensuring that smart contracts are not susceptible to attacks, reiterating that it takes such responsibility seriously. The protocol said it would "take some time to reflect on what happened" once the stolen funds were returned.

However, it warned that the longer the hacker drags the time on instead of returning the funds, there will be "more harm" to users, "and the bigger the risk becomes that your white hat starts to look like something else." It also offered to discuss a bounty.

The hacker, who claimed to be a whitehat – also called an "ethical security" hacker who uses hacking skills to detect system vulnerabilities – responded in kind, saying Prisma lacks sincerity, gratitude, and remorse. It said the protocol didn't reply as soon as it could to the supposed "white hat rescue," did not "thank me or the user for waiting," and did not apologize to users, nor offer solutions or system improvement plans. "So, it's hard for me to hand over everything to you without knowing who you are."

In its final response, the crypto firm said it has removed "language you disliked" from the post-mortem report "as a final show of good faith." It argued that there was "little evidence" that the hacker sincerely wanted to return the pilfered assets, unlike other whitehats who "would have returned at least some of the funds by now."

The hacker responded further, saying the protocol shouldn't attempt to "escape from your mistakes and to get rid of your responsibilities," adding that other blackhat hackers and perpetrators would have done the same to the system.

Finally, the attacker addressed users of the protocol, saying "you'll be fine," noting that if the attack were from a blackhat, "I would have walked away." The hacker said users of decentralized finance (DeFi) shouldn't experience the same vulnerabilities again, and people "who make mistakes" should take responsibility and not blame others.

Two users responded to the on-chain exchange. One praised the hacker for taking a stand. "I can say for certain that any competent dev teams watching what has unfolded will not be acting so irresponsibly in the future." Another expressed understanding of the hacker's motivation for breaking into Prisma's system, "but this kind of action only really hurts the users."

By early Monday, Prisma wrote that it was working toward recovering the funds and was focused on protecting some $540,000 in funds "still at risk" of being exploited. It also explained that it is expecting to unpause the protocol within the next few days.

Prisma was exploited for $11.6 million Thursday, with the hacker targeting smart contracts. The protocol was paused and users were asked to disable contract approvals.

Read more