{"id":10291,"date":"2024-04-18T02:18:46","date_gmt":"2024-04-18T02:18:46","guid":{"rendered":"https:\/\/www.bitrabo.com\/discover\/chain-of-exploits-investigator-unveils-connection-between-multiple-crypto-hacks\/"},"modified":"2024-04-18T02:18:46","modified_gmt":"2024-04-18T02:18:46","slug":"chain-of-exploits-investigator-unveils-connection-between-multiple-crypto-hacks","status":"publish","type":"post","link":"https:\/\/www.bitrabo.com\/discover\/chain-of-exploits-investigator-unveils-connection-between-multiple-crypto-hacks\/","title":{"rendered":"Chain Of Exploits? Investigator Unveils Connection Between Multiple Crypto Hacks"},"content":{"rendered":"

Over the years, crypto hacks have become more elaborate and common. In 2024, the community has seen hundreds of millions swept away from exploits and scams, leaving investors empty-handed.<\/p>\n

Sometimes, the exploiters return the funds and point out a project\u2019s vulnerabilities, helping prevent future incidents. However, it\u2019s more common to see hackers take the stolen funds and flee the scene.<\/p>\n

Crypto investigator ZachXBT unveiled a chain of exploits seemingly connected to the self-called Whitehat hacker responsible for the Prisma Finance exploit that took $12 million last month.<\/p>\n

<\/span>Stained Whitehat Hacker<\/span><\/h2>\n

On March 28, Prisma Finance, the Ethereum-based decentralized lending protocol, suffered a hack that stole 3,479.24 ETH. After being warned and observing the suspicious activity, Prisma’s team alerted the community.<\/p>\n

At the time, the hacker contacted the Prisma team through an on-chain message, declaring to be a “Whitehat\u201d looking out for users. During their conversation, the exploiter claimed they wanted to \u201craise better awareness on serious contract audits\u201d and the use of DeFi.<\/p>\n

The following day, the lending protocol released a detailed post-mortem of the incident. This post seemingly ruffled the hacker\u2019s feathers, as they demanded that the team change all the \u201caccusatory terms\u201d like \u2018exploit\u2019 and \u2018hacker.\u2019<\/p>\n

The messages raised alarms about whether the funds would be returned. Seemingly unsatisfied with the Prisma team\u2019s compliance to edit the post-mortem post, the exploiter asked for a bounty of $3.8 million, worth 34% of the total funds.<\/p>\n

\n

1\/ An investigation into the alleged $11.1M @PrismaFi<\/a> exploiter 0x77 (Trung) and the multiple other exploits they are connected to. pic.twitter.com\/QU1Oy7Txbb<\/a><\/p>\n

— ZachXBT (@zachxbt) April 16, 2024<\/a><\/p>\n<\/blockquote>\n

The amount asked was triple the industry standard of 10%. According to the crypto detective, the exploiter was \u201cessentially extorting the team\u201d as the treasury didn\u2019t have enough funds to reimburse the victims.<\/p>\n

Despite the Whitehat claims and apparent discomfort with terms that stated otherwise, the hacker contradicted himself by sending the funds to Tornado Cash. Further investigation by the crypto detective revealed that this Whitehat has several stains.<\/p>\n

<\/span>Prisma\u2019s Exploiter Connected To Several Crypto Hacks<\/span><\/h2>\n

ZachXBT\u2019s deep dive into the timing of related transactions resulted in the discovery of \u201cactivity connected to them on Tron.\u201d One address, TGviNZ, was linked to numerous exploits.<\/p>\n

Per the investigation, TGviNZ was funded<\/a> by the Arcade_xyz exploit from March 2023. During this incident, the exploiter requested additional funds from the project via Telegram.<\/p>\n

Similarly, the address was connected to the Pine Protocol exploit from February 2024. This time, the hacker asked for 50% of the funds and allegedly made \u201cadditional unreasonable requests over email.\u201d<\/p>\n

<\/p>\n

The crypto sleuth then discovered that TGviNZ is linked to the deployer of Modulus protocol, a \u201cdecentralized, non-custodian platform.\u201d \u00a0Further investigation revealed that an X user, \u201c0x77,\u201d was among the few followers of the protocol.<\/p>\n

This proved crucial in piecing together the puzzle, as the Arcade exploiter used the alias \u201c0x77\u201d on Telegram. A deeper look into the phone number, email addresses used, and other details pointed out the same suspect behind these exploits.<\/p>\n

The details of the suspected exploiter are now in the hands of the Prisma team, which is investigating whether to pursue legal action against the individual in Vietnam and Australia.<\/p>\n

\"Crypto,<\/p>\n