Prisma Finance crypto theft caps strange week of platform breaches

Two prominent crypto platforms were compromised this week, with millions worth of cryptocurrency stolen by hackers with confusing motives.

On Tuesday evening, the Munchables blockchain-based game said it was attacked, and several security firms said about $62 million worth of cryptocurrency was stolen from the game. 

Rumors spread among seasoned crypto-theft trackers that the attackers were somehow connected to North Korea — whose military and government have turned attacks on cryptocurrency platforms a significant source of revenue. 

But within hours, the company said the alleged developer who launched the attack agreed to return the stolen funds “without any condition.”

“The Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH [about $258,000 in Wrapped Ether], and the owner key which contains the rest of the funds,” the company wrote on social media. 

Munchables shared a message from the company’s founder Tieshun Roquerre saying they were “grateful the ex munchables dev opted to return all funds in the end without any ransom required.” 

“It’s important that all dev teams, whether directly affected or not, learn from this and take precautions to be more thorough on security. In the meantime, we’re working to support the munchables team to distribute the funds back to users safely,” Roquerre said, echoing other posts from Munchables about how the refunding process will go. 

The company did not respond to requests for comment about how the incident occurred, whether the person behind the incident was from North Korea or why the hacker decided to return the funds with no ransom. 

That incident was followed by another on Thursday evening when a hacker stole about $11.6 million from Prisma Finance — a popular decentralized finance (DeFi) platform. The platform confirmed the compromise and immediately began an investigation. 

But in several strange messages that could be seen on the blockchain, the hacker behind the incident reached out to say it was a “white hat” hack — meaning it was done by a researcher who did not intend to keep the stolen funds. 

The hacker did not identify themselves but asked for a way to contact Prisma Finance so the cryptocurrency could be refunded. 

“Before moving to the next step, I would like to move the funds to a safer place, and please answer my questions,” the hacker wrote. 

“1, What do you think of the term ‘Smart Contract’? 2, Have the contract been audited before it was deployed? 3, What are the responsibilities of developers in cases like this? Im not doing this for anything but to raise better awareness on serious contract audits, on developers attitudes towards their work, and on projects responsibility.”

The company did not respond to requests for comment but later released a post-mortem report about the incident, explaining that the theft occurred as a result of a flash loan attack.

Flash loan attacks involve hackers borrowing funds that do not require collateral, buying a significant amount of a cryptocurrency to artificially raise its price and then offloading the coins. The loan is paid back and the borrower keeps any profit.

The report said that once the first person had exploited the vulnerability in the platform, two others copied the same method. 

“The Prisma team along with many others are continuing the investigation and working to communicate with the exploiter. While retrieving all users funds is our main focus right now, unpausing the protocol will be part of the next steps once we are sure that all positions are safe,” Prisma officials said in the report. 

Both attacks came after a relative lull in thefts involving cryptocurrency platforms. According to a recent United Nations report, many of the attacks on platforms over the last six years have been launched by hackers connected to the North Korean government.

A UN panel is currently investigating 58 cyberattacks allegedly conducted by North Korean hackers that allowed attackers to rake in about $3 billion over a six-year span. The panel is currently investigating 17 cryptocurrency hacks from 2023 alone, with the value of the stolen funds equivalent to about $750 million.