DeFi protocol Prisma Finance is reeling from an $11.6 million hack, as the hacker claims a 'whitehat rescue', prompting industry scrutiny and caution.
Hack Uncovered
Decentralized finance (DeFi) protocol Prisma Finance fell victim to an exploitation, hemorrhaging over $10 million worth of cryptocurrencies on March 28. On-chain security alert provider Cyvers was quick to point out the anomaly on an X post,
“Our system has detected multiple suspicious transactions with @PrismaFi and still ongoing! Total loss so far is around $9M. The attacker has been funded by @FixedFloat! Our system has detected the malicious contract 2 min earlier than hack transactions!”
The initially observed $9 million loss swiftly escalated with another $1 million that were lost in fraudulent transactions.
Protocol Paused for Investigation
In response to the breach, Prisma Finance announced the temporary suspension of its protocol so that a thorough investigation could be conducted.
The team updated the community with an X post,
“We are aware of a possible exploit on Prisma. Core engineering contributors will pause the protocol and investigate. We'll share an update and a post-mortem.”
With over $222 million in total value locked (TVL) before the breach, Prisma's significance in the DeFi space is substantial. However, the attack resulted in a significant drop in TVL, which is now down to $115 million.
The Prisma Governance Token (PRISMA) also witnessed a sharp dropoff in the aftermath of the hack, first plummeting 30% to $0.244 and then rebounding slightly back to $0.289 at the time of writing.
Escalating Losses
The attack did not relent, with the hacker swiftly converting stolen assets into Ether. On-chain security firm PeckShield revealed that the exploited funds had surpassed $11.6 million, emphasizing the ongoing nature of the assault and urging caution among vault owners.
Taking advantage of the chaos, opportunistic scammers attempted to exploit the situation further. A fraudulent Prisma Finance account, flaunting a golden badge, attempted to lure users to a questionable link under the guise of an official announcement. Closer scrutiny revealed its lack of affiliation with Prisma Finance, which is indicative of the predatory tactics common in such situations.
Hacker's “Whitehat Rescue” Claim
In an unexpected turn, the hacker behind the attack surfaced, claiming the exploit was a "whitehat rescue" and expressing willingness to return the funds. The message, originating from one of the addresses linked to the attack, indicated a potential pivot towards ethical hacking. White hat hackers typically identify and report vulnerabilities, yet in the cryptocurrency realm, their motives can be multifaceted.
Prisma Finance responded promptly, providing contact information for negotiations regarding the return of the funds.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.