Prisma Finance, a decentralized finance (DeFi) protocol, fell victim to a significant exploit that resulted in the loss of approximately $11.6 million worth of cryptocurrencies. This incident, which took place on March 28, sent shockwaves throughout the DeFi community and raised concerns about the security of such platforms.
The hacker responsible for the attack made an unexpected move by contacting Prisma Finance after the exploit. They claimed that it was a “whitehat rescue” and expressed their willingness to return the stolen funds. “Whitehat rescue” typically refers to ethical hacking practices where security vulnerabilities are identified and reported to the affected party instead of being exploited for personal gain. Prisma Finance responded by sharing contact information for negotiations, indicating their potential willingness to engage in a dialogue with the hacker.
In the cryptocurrency industry, exploits followed by negotiations over the return of funds are not uncommon. While some ethical hackers disclose vulnerabilities and return funds without expecting a reward, others exploit vulnerabilities and demand bounties in exchange for immunity. This complex dynamic highlights the challenges of cybersecurity in the rapidly evolving crypto landscape.
The approximately $11.6 million in stolen cryptocurrencies was quickly transferred to multiple addresses, making the assets difficult to trace and recover. Subsequent transactions swapped the stolen funds for Ether (ETH), and a portion eventually ended up in Tornado Cash, an OFAC-sanctioned cryptocurrency mixer.
In response to the exploit, Prisma Finance engineers promptly halted the DeFi protocol to prevent further unauthorized transactions. However, the incident had significant consequences, leading to a sharp decline in the platform’s total value locked (TVL). Prior to the exploit, Prisma Finance had a TVL of approximately $220 million, which plummeted to $115 million following the attack.
The exploit of Prisma Finance adds to a series of cryptocurrency hacks and scams that have plagued the DeFi industry in recent months. According to Web3 security firm Immunefi, a staggering $200 million worth of cryptocurrencies were lost in 32 incidents of hacks and rug pulls during the first two months of 2024 alone. This trend highlights the ongoing challenges faced by DeFi platforms in safeguarding user funds and maintaining trust within the community.