Brayden Lindrea7 hours agoPrisma Finance says $540K still at risk, hacker demands team reveal themselvesThe decentralized borrowing protocol said there were still 14 accounts that have yet to revoke the affected smart contract that caused $11.6 million to be exploited last week.3230 Total viewsListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksDecentralized finance (DeFi) firm Prisma Finance says there’s still $540,000 of funds from accounts yet to revoke the smart contract responsible for last week’s $11.6 million exploit.
Meanwhile, the self-claimed “white hat” hacker behind the exploit says they will hold back the return of funds until the firm apologizes and reveals their team’s identity online.
In a “path forward” post on April 1, core contributor “Frank” said it will continue to chase for the return of funds, but the top priority is to unpause the protocol — but said it needed all users to ensure their wallets and positions were safe first.
The protocol suffered a multimillion-dollar exploit last week, which was later revealed to be the result of two MigrateTroveZap contracts, which were designed to migrate user positions from one trove manager to another, according to a post-mortem post from Prisma last updated on March 31.
However, Frank noted that there were still 14 remaining accounts that had yet to revoke the affected smart contract, five of which were still “at risk” with open trove positions totaling over $500,000.Source:Prisma Finance
“Of the affected Troves several have revoked the contract containing the vulnerability with ~$540k of collateral still at risk at the time of writing.”
Prisma is a decentralized borrowing protocol that uses “troves” — Ethereum addresses — where users can take out and maintain loans.
The largest “at risk" address contains $484,380, while the other four carry between $7,120 and $22,080.Remaining affected addresses from Prisma’s $11.6 million exploit. Source:Prisma Finance
Frank explained that part of its “path forward” was to “conserve additional reserves” while Prisma attempted to recover the stolen funds.
A new proposal was made on April 1 to reduce liquidity from POL and staked revenue from vePRISMA.
Prisma also stressed that the exploited contract was isolated from the core protocol and that it plans to restart it once the remaining user funds are safe.ID yourselves and publicly apologize, exploiter demands
Meanwhile, the self-claimed "white hat" has accused the DeFi firm of failing to act in good faith and claims the funds won’t be returned unless it makes a public apology.
Part of that apology involves Prisma holding an online conference, in which the entire team must show their faces with ID and apologize to all users and investors for failing to properly audit its smart contract.
In a March 30 on-chain message, the exploiter wrote: “During that session, you must specifically present the mistake you made, which party audited the smart contract, and your plan to improve security in the future.”
The exploiter also wants Prisma to acknowledge they have “no responsibilities” in the ordeal and are only trying to help Prisma rectify its mistake.
On-chain messages sent from the hacker to Prisma Finance. Source:Etherscan
Prisma, however, fired back, pointing out that the exploiter has yet to return any funds to show good faith either, with the two sides then continuing to argue in on-chain messaging.“There is little evidence that we can judge you on that you are sincere in your intention to return the assets. Most genuine white hats would have returned at least some of the funds by now.”
Related:Ethical hacker retrieves $5.4M for Curve Finance amid exploit
Since the attack, blockchain security firms Cyvers and Peckshield observed that the hacker had started swapping the stolen funds to Ether(ETH), and about 200 Ether was transferred toOFAC-sanctioned cryptocurrency mixer Tornado Cash.
Prior to the exploit, Prisma Finance had about $220 million in total value locked on its protocol, but that figure has plummeted to $87 million,according to DefiLlama.
Magazine:Should crypto projects ever negotiate with hackers? Probably# Altcoin# Business# Security# Adoption# Hackers# Cybersecurity# Hacks# DeFi# Liquidity# Staking