white hat bounty

ZachXBT: Prisma attackers suspected of multiple attack incidents, personal information has been obtained

ChainCatcher news, on-chain detective ZachXBT released an investigation regarding the suspected $11.1 million exploit of Prisma by 0x77 (Trung) and several vulnerabilities involved. On March 28, 2024, the Prisma team observed a series of transactions on the MigrateTroveZap contract, resulting in a loss of 3,257 ETH (approximately $11.1 million).Initially, the attacker communicated with the Prisma deployers, claiming it was a white hat attack. However, later that same day, all funds were transferred to Tornado Cash, contradicting the previous statement. The exploiter began to make excessive demands, requesting a $3.8 million (34%) white hat bounty. This amount is far above the industry standard of 10%, effectively extorting the team, as the treasury did not have sufficient assets to compensate users.Through on-chain tracking, PrismaFi exploiter 0x77 was previously implicated in the Arcade exploit incident in March 2023 and the Pine protocol exploit incidents starting in February 2024. Additionally, the exploiter's address is linked to the deployer address of Modulus Protocol. 0x77 is one of the few followers of this project, strengthening the connection between each event. Further analysis of this suspected scammer's phone number, email, and other details has been conducted. Their posts on X indicate they have a strong technical background. Currently, all personal details have been compiled, and the Prisma team is pursuing all possible legal avenues in Vietnam and Australia. ZachXBT urged this scammer to return the funds promptly to prevent further escalation and save time for everyone.

EraLend: If the hacker returns the stolen funds, they can choose to keep 10% as a white hat bounty, and the team will no longer pursue accountability

ChainCatcher message, the zkSync ecological lending protocol EraLend has addressed the hacker on Twitter, stating the following:We know that during yesterday's attack, you could have drained all available liquidity, but you chose to only steal a portion. We believe this is your expression of "goodwill," or a potential concern for the victims and the widespread impact of the severe attack.However, your actions are illegal and have had a destructive impact not only on the 500,000 EraLend users but also on the entire DeFi community. We have reached out to security professionals, CEX, the broader DeFi security community, and law enforcement agencies. We are tracking the traces you left before and after the attack, both on-chain and off-chain.Therefore, we propose: please return 90% of the stolen funds to the following address by July 27th, 14:00 (UTC), and we will stop pursuing you. You can peacefully keep 10% of the stolen funds as a white hat bounty.The receiving wallet address is: 0x9eEE479DCf6075a0cb905c27e8F952910c3bb69D.If the stolen funds are not returned by the deadline, we will have no choice but to escalate this matter. Transactions will be terminated, and we will immediately set up another bounty for anyone who helps us prosecute you and recover the stolen funds. Please make a wise decision. (source link)
ChainCatcher Building the Web3 world with innovators