Oyster Pearl recently suffered a massive backdoor hack, resulting in more than three million new PRL coin being minted and over $300,000 stolen from KuCoin users.

CEO William Cordes points to Oyster Pearl’s anonymous founder, Bruno Block, as the orchestrator of the attack.

Block is the prime suspect, due to the attack originating from a function in the smart contract that could only be called by the private key holder.

According to a recent report by Oyster, the original founder and chief architect of the project (Block) executed the transferDirector function within the PRL token contract and transferred directorship over the PRL smart contract to himself. Using this function enabled the hacker to reopen the ICO in a transaction, again issuing tokens at a rate of 0.04 ETH/PRL, before sending the newly created tokens to the KuCoin exchange where they were then sold.

In total, the hacker was able to sell more than $300,000 worth of PRL tokens before KuCoin closed trading for the token. As of writing, two wallets held by the hacker currently contain over $500,000 in crypto, with 70.7 BTC in his Bitcoin wallet and 188 ETH in his Ethereum wallet.

Collapsing Star

Oyster Pearl was designed to combine the Ethereum and IOTA blockchains to provide decentralized, anonymous file storage and offer websites an alternate way to generate revenue without using advertisements.

As one of the most hyped projects of 2017, PRL quickly climbed the ranks on CoinMarketCap, achieving a market cap of over $240 million in January 2018 before gradually falling in tow with the rest of the cryptocurrency market as the year progressed.

In the 30 days prior to the scam, PRL witnessed a remarkable recovery, growing from just six cents on September 28 to over 23 cents on the day of the hack — an almost 4 fold improvement. Shortly after the hack, the price dumped drastically, seeing it fall back to 7 cents over an 8-hour period, losing more than 70 percent of its value.

PRL trading has now been suspended on KuCoin and Cryptopia, its two largest markets, while IDEX has delisted PRL pending updates. Prior to the changes, PRL witnessed catastrophic losses on all three major exchanges.

The Long Game

Interestingly, Bruno did not execute the plan earlier in the year when the price of each PRL was over $4.00, almost 20x higher than its highest peak this month. Had the owner pulled off the same stunt in January, he would have escaped with almost $6,000,000.

However, with the news that KuCoin will be implementing KYC for large withdrawals, it appears that Bruno’s hands were forced into action — and with PRL being at its highest value in over 4 months, it likely became a now-or-never scenario for Bruno. (Who unfortunately chose the former.)

Had Bruno not acted early, he would have been subjected a maximum withdrawal of two BTC per day on KuCoin, severely limiting his ability to exit scam and possibly permanently thwarting his end game.

According to the announcement, Bruno was able to maintain his anonymity through his entire period working with PRL, with even the CEO, William Cordes, not knowing his true identity.

Cordes also asked for help in ascertaining Bruno’s identity.

Moving Forward

At the time, the $300,000 stolen by Bruno represented only 1.5 percent of the market capitalization — though, at current rates, it is closer to 5 percent.

Oyster have made attempts to reassure current PRL holders that their tokens are safe, and are still weighing up the options moving forward.

It remains to be seen how the market will respond to the event if or when trading will resume on KuCoin. Current market sentiment appears understandably frustrated, though there is still clear evidence of support from the community.

For now, BeInCrypto recommends steering clear of the situation until the new smart contract is created and token swap completed. Avoid purchasing PRL tokens in the interim as these may not be accepted for exchange later on.

Do you think the Bruno Block was alone in the attack? What do you think caused the suspicious price growth in the lead-up to the exit scam? Can PRL recover from this? Let us know your thoughts below!