On March 28, the decentralized finance protocol Prisma Finance fell victim to an exploit, resulting in a loss of approximately $10 million in cryptocurrencies.
According to a post on X dated March 28, the security alert network provider Cyvers was the first to detect several suspicious transactions involving Prisma Finance.
🚨UPDATE🚨Our system has detected multiple suspicious transactions with @PrismaFi and still ongoing!
Total loss so far is around $9M. Attacker has funded by @FixedFloat!
Our system has detected the malicious contract 2 min earlier than hack transactions!👇
Our system would… https://t.co/9myoV8DL22 pic.twitter.com/SxT5yYZy7U
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) March 28, 2024
Shortly after Cyvers’ initial alert, another fraudulent transaction amounting to $1 million was discovered, bringing the total amount of funds utilized to nearly $10 million.
As per an X post on March 28, Prisma Finance stated that its core engineers and contributors will pause the protocol’s operations and conduct an investigation.
We are aware of a possible exploit on Prisma.
Core engineering contributors will pause the protocol and investigate.
We'll share an update and a post-mortem.
— Prisma Finance (@PrismaFi) March 28, 2024
Prisma Finance is a decentralized token staking protocol with a total locked value (TVL) of over $222 million, according to DefiLlama.
The stolen funds amounted to over $11.6 million.
According to Cyvers, after the initial exploit, the attacker began exchanging the stolen funds for ETH.
According to the network security company PeckShield, the attack is still ongoing.
#PeckShieldAlert The attack is ongoing, with the total loss now increased to ~3,257.7 $ETH (worth ~$11.6 million)
To vault owners, please follow up on notifications from the official source and be cautious about scams pic.twitter.com/5HYGYCROIP— PeckShieldAlert (@PeckShieldAlert) March 28, 2024
As evident from PeckShield’s image above, other fraudsters are attempting to capitalize on this exploit. According to an official statement from Prisma Finance, a fraudulent account with a gold badge is trying to redirect users to a suspicious link. Upon closer inspection, it is evident that the fraudulent account has no affiliation with Prisma Finance.
Crypto hacks continue to undermine the industry’s legitimacy. According to Immunefi, a blockchain security company, in 2024, due to 32 separate incidents of hacking attacks and rug pulls, cryptocurrency losses amounted to over $200 million.
The loss of over $200 million represents a 15.4% increase compared to January and February 2023 when digital assets worth $173 million were stolen.
According to Immunefi’s report dated December 28th, in 2023, cryptocurrency hackers and scammers caused a total loss of $1.8 billion, with 17% attributed to the North Korean Lazarus Group.