Blockchain sleuth uncovers identity of PrismaFi’s hacker, who stole $11m

Detective ZachXBT, who specializes in cryptocurrencies, has uncovered the suspected culprit behind the PrismaFi heist, revealing their role in the $11.1 million theft and extortion attempts.

Detective ZachXBT, a blockchain expert, unearthed the suspected perpetrator of the PrismaFi hack, which cost the protocol over $11 million in cryptocurrency. Through a string of posts, ZachXBT suggested that 0x77, also known as Trung, could be connected to several other exploits.

A look into the suspected involvement of @PrismaFi’s supposed $11.1M exploiter, identified as 0x77 (Trung), in various other exploitation cases.

— ZachXBT (@zachxbt) April 16, 2024

In early March, the Prisma team identified a string of transactions on the MigrateTroveZap contract that ultimately led to a loss of 3,257 ETH, or approximately $11.1 million at the time. At first, the attacker contacted the Prisma deployer, insisting the exploit was well-intentioned. Eventually, however, all the stolen funds were transferred to Tornado Cash, a sanctioned cryptocurrency mixer.

The exploiter went on to make extravagant demands, such as a whitehat bounty of $3.8 million, which is more than three times the usual industry rate of 10%. ZachXBT pointed out that this amount was exorbitant and essentially amounted to extortion, since the team's treasury did not have enough resources to compensate users for their losses.

Initially, the attacker claimed their attack on Prisma was whitehat, meaning they intended to help identify vulnerabilities. However, later in the day, funds were transferred to Tornado Cash, raising suspicions. The attacker then made extravagant demands, requesting a $3.8M (34%) reward for their supposed good intentions.

— ZachXBT (@zachxbt) April 16, 2024

On closer examination, ZachXBT found that the exploiter's wallet had received funds through FixedFloat and could later be traced on Arbitrum, an Ethereum layer-2 network. By examining transaction timestamps, ZachXBT identified connections between the exploiter's address and withdrawals from TRON, including those processed by the Bybit cryptocurrency exchange.

The probe also linked the incident to earlier exploits: the Arcade_xyz breach in March 2023 and the Pine Protocol attack in February this year. The same person, going by the name 0x77 on Telegram, was found to be involved, strengthening the connection between these events and the person behind @modulusprotocol.

The investigator revealed they had examined the suspect's private details, uncovering phone numbers and emails, indicating a strong technical expertise. According to ZachXBT, all personal information obtained so far has been handed over to Prisma for further legal proceedings against the hacker in Vietnam and Australia.


2024-04-17 11:54