Decentralized finance (DeFi) platform Prisma Finance has reported that $540,000 of funds remain in user accounts that have not yet revoked the smart contract responsible for the recent $11.6 million exploit. The hacker behind the attack, who claims to be acting as a “white hat” and to have stolen the funds to expose vulnerabilities in the platform, has stated that they will not return the funds until Prisma Finance apologizes and reveals the identity of its team members online.
In a recent post, a core contributor known as “Frank” stated that while efforts are being made to recover the funds, the main priority is to unpause the protocol. All users are urged to ensure the safety of their wallets and positions first. The exploit was the result of two MigrateTroveZap contracts designed to transfer user positions from one trove manager to another. Despite efforts to fix the issue, 14 accounts have still not revoked the affected contract; five of them are still considered “at risk” and hold over $500,000 in trove positions.
Prisma Finance operates as a decentralized borrowing protocol that uses Ethereum addresses called “troves” for users to take out and maintain loans. The largest address at risk contains $484,380, while the other four hold between $7,120 and $22,080. As part of its path forward, Prisma plans to conserve additional reserves while attempting to retrieve the stolen funds. A proposal has been made to decrease liquidity from POL and staked revenue from vePRISMA. The platform emphasizes that the exploited contract has been isolated from the core protocol and will only be restarted once all user funds are safe.
The self-proclaimed “white hat” hacker has accused Prisma Finance of lacking good faith and refuses to return the funds until the platform publicly apologizes. The hacker demands that Prisma hold an online conference where the entire team must identify themselves, show their faces, and apologize to users and investors for their failure to properly audit the smart contract. The hacker also wants the platform to acknowledge that they bear no responsibility in the situation and are merely trying to assist Prisma in rectifying its mistake.
Prisma Finance has responded by pointing out that the hacker has yet to return any funds to demonstrate their good intentions, fueling further arguments between the two parties. Since the attack, blockchain security firms Cyvers and PeckShield have noted that the hacker has started converting the stolen funds into Ether (ETH), with about 200 Ether being transferred to the OFAC-sanctioned cryptocurrency mixer Tornado Cash. Prior to the exploit, Prisma Finance had approximately $220 million in total value locked on its protocol, but this has dropped to $87 million, according to DefiLlama.
It’s crucial for Prisma Finance to conduct a thorough audit of their smart contracts to prevent future vulnerabilities and protect user funds.
The hacker’s demands are unreasonable and show a complete lack of respect for the users and investors affected by their actions.
It’s understandable that the hacker wants accountability, but it’s important for Prisma Finance to prioritize users’ safety and funds before addressing those demands.
I have faith in the capabilities of Prisma Finance to bounce back stronger and deliver a more secure platform for the DeFi community. Let’s stay positive and support their efforts. 💚🚀
Prisma Finance must take this as an opportunity to learn, grow, and implement enhanced security measures to ensure the safety of their users’ funds in the future. 🔒💪
The decreasing total value locked on the protocol is a clear indication of the damage caused by this exploit. Prisma Finance needs to step up their security measures.