Blockchain sleuth uncovers identity of PrismaFi’s hacker, who stole $11m
Crypto detective ZachXBT has identified the alleged PrismaFi hacker, exposing their involvement in the $11.1 million theft and subsequent demands.
Blockchain sleuth ZachXBT uncovered an alleged attacker behind the PrismaFi hack, which left the protocol without $11.1 million worth of crypto. In a series of X posts, ZachXBT revealed that the exploiter, known as 0x77 (or Trung) might be linked to multiple other exploits.
The Prisma team detected a series of transactions on the MigrateTroveZap contract earlier in March, which eventually resulted in a loss of 3,257 ETH (equivalent to $11.1 million at the time). Initially, the attacker communicated with the Prisma deployer, claiming the attack was just a whitehat initiative. However, all the funds were later deposited to Tornado Cash, a sanctioned crypto mixer.
The exploiter proceeded to make audacious demands, including a $3.8 million (34%) whitehat bounty, significantly higher than the industry standard of 10%, ZachXBT noted, adding that the demand was “essentially extorting the team as the treasury does not have sufficient assets to reimburse users.”
Further investigation revealed that the exploiter’s address received funds via FixedFloat and was subsequently located on Arbitrum, a layer-2 solution on Ethereum. By analyzing timing, ZachXBT found that the exploiter’s address was connected to withdrawals on TRON, including those from the Bybit crypto exchange.
The investigation also uncovered connections to previous exploits, such as the Arcade_xyz exploit from March 2023 and the Pine Protocol exploit from February this year. The exploiter, using the alias 0x77 on Telegram, remained active, with ties to the deployer of @modulusprotocol, further solidifying the link between each incident.
The investigator also disclosed conducting an analysis of the exploiter’s personal information, gathering phone numbers and emails, which suggested a proficient technical background. Currently, all gathered personal data has been forwarded to the Prisma team, who are pursuing legal action against the hacker in Vietnam and Australia, ZachXBT added.