Over time, crypto hacks have become more elaborate and common. In 2024, the community has seen hundreds of millions swept away by exploits and scams, leaving investors empty-handed.
Sometimes, the exploiters return the funds and point out a project’s vulnerabilities, helping to prevent future incidents. However, it’s more common to see hackers take the stolen funds and flee the scene.
Crypto investigator ZachXBT unveiled a series of exploits seemingly connected to the self-proclaimed Whitehat hacker responsible for the Prisma Finance exploit that took $12 million last month.
Stained Whitehat Hacker
On March 28, Prisma Finance, the Ethereum-based decentralized lending protocol, suffered a hack that stole 3,479.24 ETH. After being warned and observing the suspicious activity, Prisma’s team alerted the community.
At the time, the hacker contacted the Prisma team via an on-chain message, claiming to be a “Whitehat” searching for customers. During their conversation, the exploiter claimed they wanted to “increase higher consciousness on critical contract audits” and the use of DeFi.
The next day, the lending protocol released a detailed post-mortem of the incident. This post seemingly ruffled the hacker’s feathers, as they demanded that the team change all of the “accusatory phrases” like ‘exploit’ and ‘hacker.’
The messages raised alarms about whether the funds would be returned. Seemingly dissatisfied with the Prisma team’s compliance in editing the post-mortem post, the exploiter asked for a bounty of $3.8 million, worth 34% of the total funds.
1/ An investigation into the alleged $11.1M @PrismaFi exploiter 0x77 (Trung) and the multiple other exploits they’re related to. pic.twitter.com/QU1Oy7Txbb
— ZachXBT (@zachxbt) April 16, 2024
The amount requested was triple the industry standard of 10%. According to the crypto detective, the exploiter was “basically extorting the group” because the treasury didn’t have enough funds to reimburse the victims.
Despite the Whitehat claims and apparent discomfort with words that stated otherwise, the hacker contradicted himself by sending the funds to Tornado Cash. Further investigation by the crypto detective revealed that this Whitehat has several stains.
Prisma’s Exploiter Linked To Multiple Crypto Hacks
ZachXBT’s deep dive into the timing of related transactions led to the discovery of “exercise related to them on Tron.” One address, TGviNZ, was linked to numerous exploits.
Per the investigation, TGviNZ was funded by the Arcade_xyz exploit from March 2023. During this incident, the exploiter requested more funds from the project via Telegram.
Similarly, the address was connected with the Pine Protocol exploit from February 2024. This time, the hacker asked for 50% of the funds and allegedly made “extra unreasonable requests over email.”
Chain of addresses connecting the Modulus Protocol deployer and the Prisma exploiter. Source: ZachXBT on X
The crypto sleuth then found that TGviNZ is linked to the deployer of Modulus protocol, a “decentralized, non-custodian platform.” Further investigation revealed that an X user, “0x77,” was among the few followers of the protocol.
This proved crucial in piecing together the puzzle, because the Arcade exploiter used the alias “0x77” on Telegram. A deeper look into the phone number, email addresses used, and other details pointed to the same suspect behind these exploits.
The details of the suspected exploiter are now in the hands of the Prisma team, which is investigating whether to pursue legal action against the individual in Vietnam and Australia.
Crypto Total Market Cap sitting at $2.207 trillion in the weekly chart. Source: TOTAL on TradingView