The hacker’s on-chain message came approximately six hours after the hack occurred. However, blockchain security firms noted the hacker had also started swapping the stolen funds for Ether.
The hacker behind the $11.6 million exploit of decentralized finance (DeFi) protocol Prisma Finance is claiming it was a “whitehat rescue” and is enquiring about returning the funds, according to on-chain messages.
“Hi, this is a whitehat rescue, who can I contact to refund,” the exploiter said on March 28, around 6 hours after the attack. The message came from the address “0x2d4…7507a” — which was earlier identified as being one of three addresses linked to the attack.
“Please contact us at negotiations@prismafinance.com,” the DeFi firm said in response about two hours later.
