There is a saying, “a bold thief intimidates the homeowner.” We have witnessed a few incidents in the crypto world that confirm this saying. For instance, in a protocol hack, the attacker promised to take the project further and pay the team higher salaries if the project was completely handed over to them. The most recent incident is somewhat similar and will go down in history.
Prisma Finance Hack
At the time of the incident, we shared the details of this attack. Now, the attacker has revealed their interesting conditions and stated they could return the funds. On March 28th, the DeFi protocol Prisma Finance was hacked, losing 11.6 million dollars worth of 3,257.57 ETH. The team immediately asked users to cancel their delegate approvals and started an audit.
Prisma Finance reports that the attacker identified a critical vulnerability in two versions of the MigrateTroveZap (mkUSD and ULTRA) contracts. So, what is the attacker doing now? They are currently demanding that the entire team reveal their identities in a live broadcast and that the person/team who conducted the code audit be announced as well.
The attacker, who identifies themselves as a White Hacker, also demanded that the protocol improve its security measures.
Hacker and Their Demands
If the Prisma Finance team meets the conditions, the attacker promises to compensate the victims. In part of the message accusing the team, it reads;
“You cannot agree on something with others and then decide whether it’s wrong or right. You are disregarding human rights. You should have been more careful before implementing your contract. Hopefully, this will help people be more cautious when joining DeFi, teams become more responsible, and everyone changes their opinions about such matters.”
If Prisma Finance deletes terms like ‘attack’ and ‘attacker’ from their statements within 12 hours and fulfills all conditions, the victims’ losses will be compensated.
“After the online conference, the amount I will keep and the amount I can send you will be discussed (rest assured, most will be returned), and notes will be sent to your email.”
With their unusual demands, the Prisma Finance attacker has taken a step that will go down in history. Protocols that want to attract relatively well-intentioned attackers publish “vulnerability bounty programs.” Thus, talented developers receive satisfying rewards and help improve protocols without going through all these processes. However, this incident has turned into a protest beyond a hack attack.
