DMR News

Advancing Digital Conversations

Prisma Finance Highlights $540K Vulnerability; Exploiter Seeks Public Accountability from Team

ByDayne Lee

Apr 1, 2024
Prisma Finance Highlights $540K Vulnerability; Exploiter Seeks Public Accountability from Team

Prisma Finance Highlights $540K Vulnerability; Exploiter Seeks Public Accountability from Team

Decentralized finance (DeFi) entity Prisma Finance is grappling with the aftermath of a $11.6 million security breach, revealing that approximately $540,000 in user funds remains vulnerable due to unrevoked permissions linked to the compromised smart contract. Concurrently, the individual claiming responsibility for the breach, describing themselves as a “white hat” hacker, stipulates a public apology and team disclosure as conditions for returning the stolen assets.

Urgent Measures and Continued Vulnerabilities

In a detailed update on April 1, Prisma core contributor, known as “Frank,” outlined ongoing efforts to safeguard remaining assets and resume protocol operations. Highlighting the critical need for user vigilance, Frank emphasized the protocol’s immediate focus on reactivating services once users’ wallets and positions are secured. The exploit, rooted in two MigrateTroveZap contracts intended for user position migration, left 14 accounts with unrevoked contract permissions, placing over $500,000 at imminent risk.

Prisma’s protocol, designed to facilitate decentralized borrowing through Ethereum-based “troves,” now faces the challenge of safeguarding these vulnerable accounts, including one notably containing $484,380.

Strategic Recovery Efforts

As part of its recovery blueprint, Prisma aims to bolster its financial reserves while endeavoring to recoup the purloined funds. A proposition introduced on April 1 suggests diminishing liquidity and adjusting staked revenue models as measures to consolidate resources. Prisma reassures its user base that the exploited contract was isolated, planning a protocol relaunch once all user assets are deemed secure.

Exploiter’s Conditions for Fund Return

The alleged “white hat” hacker has put forth specific demands before any funds are returned, accusing Prisma Finance of negligence and insisting on a public acknowledgment of their errors. The hacker’s requirements include a digital conference where Prisma’s team must openly identify themselves, admit to the oversight in their smart contract audit, and detail plans for heightened security protocols. Furthermore, the exploiter seeks an official declaration absolving them of any responsibility in the incident.

In response, Prisma criticized the exploiter’s lack of cooperation in returning the stolen assets, challenging the genuineness of their intentions to remedy the situation. This standoff continues amidst on-chain dialogues, with both parties yet to reach a resolution.

Since the breach, blockchain security firms like Cyvers and Peckshield reported that the exploiter began converting the stolen assets to Ether (ETH), with a portion funneled through the OFAC-sanctioned cryptocurrency mixer Tornado Cash. The incident precipitated a significant decline in Prisma Finance’s total value locked (TVL) on the protocol, dropping from approximately $220 million to $87 million as per DefiLlama’s data.

Funds at Risk$540,000
Exploit Amount$11.6 million
Vulnerable Accounts14 (5 at high risk)
Recovery ProposalsReduce POL liquidity, adjust staked revenue
Exploiter’s DemandsPublic apology, team identity disclosure
Security ObservationsFunds converted to ETH, use of Tornado Cash
TVL ImpactDecreased from $220 million to $87 million

The Prisma Finance exploit underscores the intricacies and challenges of maintaining security within the DeFi space. As the community navigates the path to resolution, the incident highlights the critical importance of transparent operations, rigorous security audits, and the delicate balance between innovation and user safety. The ongoing dialogue between Prisma Finance and the self-described “white hat” hacker exemplifies the complex ethical considerations inherent in cybersecurity and the DeFi sector.

Featured image credit: Invexic via Medium

Dayne Lee

With a foundation in financial day trading, I transitioned to my current role as an editor, where I prioritize accuracy and reader engagement in our content. I excel in collaborating with writers to ensure top-quality news coverage. This shift from finance to journalism has been both challenging and rewarding, driving my commitment to editorial excellence.

Leave a Reply

Your email address will not be published. Required fields are marked *