Prisma Finance, a decentralized finance (DeFi) protocol, was the target of a significant exploit resulting in the loss of approximately $11.6 million worth of cryptocurrencies. The exploit, which occurred on March 28, sent shockwaves through the DeFi community and raised questions about the security of such platforms.
Hacker’s claim and response
Following the exploit, the hacker responsible for the attack made a surprising move by reaching out to Prisma Finance, claiming it was a “whitehat rescue” and expressing willingness to return the funds. A “whitehat rescue” typically refers to ethical hacking practices where security vulnerabilities are identified and reported to the affected party rather than exploited for personal gain. Prisma Finance responded by providing contact information for negotiations, signaling a potential willingness to engage in dialogue with the hacker.
In the cryptocurrency industry, incidents of exploitation and subsequent negotiations for fund returns are common. While ethical hackers may disclose vulnerabilities and return funds without reward, others exploit vulnerabilities and demand bounties in exchange for immunity. This dynamic underscores the complexities of cybersecurity in the rapidly evolving crypto landscape.
Exploit details and consequences
The exploit targeted Prisma Finance, resulting in the theft of approximately $11.6 million worth of cryptocurrencies. The stolen funds were swiftly transferred to multiple addresses, complicating efforts to trace and recover the assets. Subsequent transactions swapped the stolen funds for Ether (ETH), with a portion eventually ending up in Tornado Cash, an OFAC-sanctioned cryptocurrency mixer.
In response to the exploit, Prisma Finance engineers immediately stopped the DeFi protocol, preventing further unauthorized transactions. However, the incident had significant repercussions, causing a sharp decline in the platform’s total value locked (TVL). Before the exploit, Prisma Finance boasted a TVL of around $220 million, which plummeted to $115 million following the attack.
The exploit of Prisma Finance adds to a series of cryptocurrency hacks and scams that have plagued the DeFi industry in recent months. According to Web3 security firm Immunefi, over $200 million worth of cryptocurrencies were lost to hacks and rug pulls across 32 incidents in the first two months of 2024 alone. This trend underscores the ongoing challenges DeFi platforms face in safeguarding user funds and maintaining trust within the community.