Decentralized finance (DeFi) protocol Prisma Finance faced a significant exploit on March 28, 2024, resulting in the loss of approximately $11.6 million worth of assets. Reports from blockchain security firms PeckShield and Cyvers shed light on the aftermath of the attack.
Cyvers initially reported that the exploit led to losses of around $9 million for Prisma Finance, with the attacker funding the hack through cryptocurrency exchange FixedFloat. However, PeckShield provided different figures, estimating the stolen assets at $11.6 million.
Following the exploit, PeckShield analysts traced the movement of funds to addresses associated with the attack. It was revealed that the hacker transferred $6.5 million worth of assets to the Tornado Cash mixer through two transactions.
#PeckShieldAlert One of the @PrismaFi exploiters' labeled addresses has transferred ~200 $ETH to #TornadoCash & 6 $ETH to 2 addresses 0x8c03…d40e & 0xce63…f098.
The address 0x8c03…d40e received 0.05 $ETH from the #AffineDeFi hacker address ~11 days ago pic.twitter.com/Pi3vXYQGD7— PeckShieldAlert (@PeckShieldAlert) March 29, 2024
In an unexpected turn, the hacker reached out to Prisma Finance developers, claiming the exploit was a “whitehat rescue” aimed at highlighting security vulnerabilities in the project’s smart contracts. The hacker expressed concerns about the project’s audit process and the team’s response to the situation but did not mention returning the stolen funds.
Prior to the exploit, Prisma Finance had about $220 million in total value locked on its protocol, but that figure has plummeted to $89.88 million, according to DeFiLlama.
Meanwhile, the Prisma Governance Token (PRISMA) plummeted 30% to $0.244 on the news but has since rebounded to $0.274, according to CoinGecko.
The incident underscores the ongoing challenges faced by DeFi projects in maintaining security amidst growing threats of exploitation and hacking. Prisma Finance, like many others in the industry, now grapples with the aftermath of the exploit as it works to address vulnerabilities and restore user confidence.
Over $200 million worth of cryptocurrencies have been lost to hacks and rug pulls across 32 individual incidents over the first two months of 2024, according to Web3 security firm Immunefi. A total of $1.8 billion was lost to cryptocurrency hacks and scammers in 2023, of which 17% have been attributed to the North Korean Lazarus Group, according to a December 28 report by Immunefi.