Prisma Finance says $540K still at risk, hacker demands team reveal themselves

cyptouser8 months agoCryptocurrencies News123
25cc9d4a>

Decentralized finance (DeFi) firm Prisma Finance says there’s still $540,000 of funds from accounts yet to revoke the smart contract responsible for last week’s $11.6 million exploit.

Meanwhile, the self-claimed “white hat” hacker behind the exploit says they will hold back the return of funds until the firm apologizes and reveals their team’s identity online.

In a “path forward” post on April 1, core contributor “Frank” said it will continue to chase for the return of funds, but the top priority is to unpause the protocol — but said it needed all users to ensure their wallets and positions were safe first.

The protocol suffered a multimillion-dollar exploit last week, which was later revealed to be the result of two MigrateTroveZap contracts, which were designed to migrate user positions from one trove manager to another, according to a post-mortem post from Prisma last updated on March 31.

However, Frank noted that there were still 14 remaining accounts that had yet to revoke the affected smart contract, five of which were still “at risk” with open trove positions totaling over $500,000.

Source: Prisma Finance

“Of the affected Troves several have revoked the contract containing the vulnerability with ~$540k of collateral still at risk at the time of writing.”

Prisma is a decentralized borrowing protocol that uses “troves” — Ethereum addresses — where users can take out and maintain loans.

The largest “at risk" address contains $484,380, while the other four carry between $7,120 and $22,080.

Remaining affected addresses from Prisma’s $11.6 million exploit. Source: Prisma Finance

Frank explained that part of its “path forward” was to “conserve additional reserves” while Prisma attempted to recover the stolen funds.

A new proposal was made on April 1 to reduce liquidity from POL and staked revenue from vePRISMA.

Prisma also stressed that the exploited contract was isolated from the core protocol and that it plans to restart it once the remaining user funds are safe.

ID yourselves and publicly apologize, exploiter demands

Meanwhile, the self-claimed "white hat" has accused the DeFi firm of failing to act in good faith and claims the funds won’t be returned unless it makes a public apology.

Part of that apology involves Prisma holding an online conference, in which the entire team must show their faces with ID and apologize to all users and investors for failing to properly audit its smart contract.

In a March 30 on-chain message, the exploiter wrote: 

“During that session, you must specifically present the mistake you made, which party audited the smart contract, and your plan to improve security in the future.”

The exploiter also wants Prisma to acknowledge they have “no responsibilities” in the ordeal and are only trying to help Prisma rectify its mistake.

On-chain messages sent from the hacker to Prisma Finance. Source: Etherscan

Prisma, however, fired back, pointing out that the exploiter has yet to return any funds to show good faith either, with the two sides then continuing to argue in on-chain messaging.

“There is little evidence that we can judge you on that you are sincere in your intention to return the assets. Most genuine white hats would have returned at least some of the funds by now.”

Related: Ethical hacker retrieves $5.4M for Curve Finance amid exploit

Since the attack, blockchain security firms Cyvers and Peckshield observed that the hacker had started swapping the stolen funds to Ether (ETH), and about 200 Ether was transferred to OFAC-sanctioned cryptocurrency mixer Tornado Cash.

Prior to the exploit, Prisma Finance had about $220 million in total value locked on its protocol, but that figure has plummeted to $87 million, according to DefiLlama.

Magazine: Should crypto projects ever negotiate with hackers? Probably

The content on this website comes from the Internet. Due to the inconvenience of proofreading the authenticity and accuracy of the copyright or content of some content, it may be temporarily impossible to confirm the authenticity and accuracy of the copyright or content. For copyright issues or other issues caused by this, please Call or email this site. It will be deleted or changed immediately after verification.

related articles

Top SEC crypto lawyer leaves to join pro-crypto firm, regulator facing new lawsuit

A key member of the US Securities and Exchange Commission’s (SEC) legal team, Ladan Stewart,  steppe...

US prosecutors oppose Ethereum dev’s motion to reduce 5-year sentence

US prosecutors oppose Ethereum dev’s motion to reduce 5-year sentence

55966e89˃Officials with the United States Justice Department have written a letter opposing former E...

Sora Ventures founder Jason Fang giving away 1 BTC to celebrate Jubilee upgrade

In a generous move to celebrate the New Year, Sora Ventures founder Jason Fang announced a Bitcoin g...

Ethereum price chart hints at $4K breakout to new all-time highs

Ethereum price chart hints at $4K breakout to new all-time highs

55966e89˃A key technical chart formation suggests that Ether’s (ETH) price is about to break out tow...

Deputy Treasury Secretary warns crypto companies not to neglect safeguarding against illicit finance

The U.S. government has raised concerns about digital asset companies failing to address the flow of...

Binance tax evasion trial moved to May 17 in Nigeria

1205f261˃The tax evasion trial in a Nigerian court involving cryptocurrency exchange Binance and two...