Prisma Finance Exploited for $11.6M, Exploiter Wants to Return Loot

A few hours after the exploit, the attacker contacted Prisma Finance asking for the appropriate contact to refund the stolen amount.

The decentralized finance (DeFi) protocol Prisma Finance recently experienced a security breach which resulted in the loss of about $11.6 million in cryptocurrencies. In a twist, the exploiter shared in a message that the attack was conducted as a "whitehat rescue" and plans to return the stolen funds. So far, 2024 has seen more than $200 million in losses due to hacks and fraudulent schemes. Additionally, a massive malware campaign is targeting video gamers using cheat software, leading to the theft of login credentials and Bitcoin from millions of accounts.

Prisma Finance Exploited for Millions

Decentralized finance (DeFi) protocol Prisma Finance recently suffered a security breach, resulting in the loss of about $10 million in cryptocurrencies. The exploit was first seen by on-chain security alert provider Cyvers on Mar. 28, who identified multiple suspicious transactions associated with Prisma Finance. These transactions, which at first amounted to around $9 million, were quickly followed by another $1 million in fraudulent activities.

In response to the breach, Prisma Finance announced a temporary halt of the protocol to allow for a thorough investigation by its core engineers and contributors. Prisma Finance operates as a decentralized liquid staking token protocol that had over $222 million in total value locked (TVL) before the attack, according to data from DefiLlama.

Unfortunately, the situation got even worse as the attacker began converting the stolen funds into Ether (ETH), pushing the total losses to approximately $11.6 million. The ongoing attack was confirmed by another on-chain security firm, PeckShield, which also made people aware of the new risk of scams in the wake of the exploit. PeckShield's warning came after scam accounts tried to capitalize on the situation by impersonating Prisma Finance in social media interactions.

This recent hack is just one of many in the crypto industry, which has seen more than $200 million lost to hacks and fraudulent schemes in 2024 alone. A big portion of the losses in the past year has been attributed to the North Korean Lazarus Group.

Exploiter Claims Whitehat Rescue

Very interestingly, after the $11.6 million exploit of Prisma Finance, the hacker behind the attack claimed it was a "whitehat rescue" and is seeking to return the funds. This declaration was made through an on-chain message from an address linked to the attack, only six hours after the exploit. The hacker's message also asked about the appropriate contact to refund the stolen amount, to which Prisma Finance very quickly provided an email address for negotiations.

White hat hackers typically identify and report security vulnerabilities without exploiting them, unlike the more predatory methods usually seen in cybersecurity breaches. In the crypto sphere, however, it's not unusual for hackers to demand a bounty in exchange for revealing vulnerabilities, though there are still times where funds are returned voluntarily without demands.

The exploit saw malicious transactions being executed, which led to the theft of about $11.6 million, according to PeckShield. These funds were dispersed across three addresses and partially converted to ETH. A portion of the stolen assets was moved to the OFAC-sanctioned cryptocurrency mixer Tornado Cash.

Before the incident, the protocol had a total value locked (TVL) of around $220 million, a figure that has since dropped to $115 million.

The market reaction was swift, with the Prisma Governance Token (PRISMA) experiencing a 30% drop in value immediately after the attack. Nonetheless, the token has shown resilience, recovering to a degree in the aftermath. At press time, data from CoinMarketCap indicated that PRISMA was worth about $0.2969, a 16.40% drop from its price 24 hours ago.

Massive Malware Campaign Hits Gamers

Meanwhile, a cyberattack has been launched against video gamers, particularly those using cheat software, which has resulted in the theft of login credentials and Bitcoin from millions of accounts. The malware campaign, revealed by malware information hub vx-underground and reported on Mar. 28, is orchestrated by an unidentified threat actor. This campaign specifically targets users of pay-to-cheat video game software, affecting more than 4.9 million accounts associated with Activision Blizzard and its game store, as well as accounts on the game-focused trading site Elite PVPers and cheat software markets PhantomOverlay and UnknownCheats.

Victims of the malware have reported major losses, with their Electrum Bitcoin wallets being drained, although the total amount of stolen funds is still not known just yet. The attackers seem to have used a network of free or inexpensive software, possibly originating from a widely used latency program or VPN, thereby implicating a vast number of gamers in this extensive infostealer malware campaign.

PhantomOverlay, one of the impacted platforms, contested the reported number of compromised accounts, suggesting that many of the logins in the leaked database were invalid. Nevertheless, the platform still acknowledges the seriousness of the malware. In fact, this cyberattack is the largest infostealer campaign in the gaming and cheating community's history. Despite having suspicions about the source of the malware, PhantomOverlay is still experiencing issues with proving the origins because of the malware gang's awareness and evasion efforts.

Activision Blizzard has been informed of the breach and has reached out to assist affected users. The company also advised users to change their passwords as a precautionary measure.