Hacker Threatens Prisma Finance: Demands $540K or Team Must Reveal Identities

Prisma Finance, a decentralized finance (DeFi) company, finds itself at the center of a cybersecurity storm. The DeFi firm has reported that approximately $540,000 of its funds are still vulnerable following a substantial $11.6 million exploit last week. The saga took an even more dramatic twist when the hacker, proclaiming to be a “white hat,” issued an ultimatum: the funds would be returned only if Prisma Finance issued a public apology. On top of that, the hacker wants the team to unveil their identities.

Prisma Finance, known for its decentralized borrowing protocol that facilitates loans via “troves” or Ethereum addresses, was compromised through an exploit involving two MigrateTroveZap contracts. These contracts were designed to transfer user positions between trove managers but inadvertently opened the door to the multimillion-dollar security breach. A core contributor to Prisma, identified only as “Frank,” has been vocal about the company’s efforts to rectify the situation. They emphasized the reactivation of the protocol and the safety of user wallets and positions as top priorities.

Despite efforts to recover from the exploit, Prisma is faced with the challenge of 14 unsecured accounts, five of which contain open trove positions that are “at risk,” totaling over half a million dollars. The largest vulnerable address holds a staggering $484,380, underscoring the gravity of the situation.

Hacker Demands Prisma Finance Dox Themselves

The hacker has demanded that Prisma Finance’s team members reveal their identities in a live online conference and issue a public apology to users and investors. The hacker’s demands extend to a detailed account of the oversight, including which party audited the compromised smart contract and Prisma’s future plans for enhancing security measures.

The standoff between Prisma Finance and the hacker is marked by a series of on-chain messages. Prisma has countered the hacker’s claims of altruism by pointing out the absence of any returned funds as a gesture of good faith. The back-and-forth messaging underscores the tension and the complexities involved in navigating the aftermath of DeFi exploits.

The aftermath of the exploit has seen significant financial fallout for Prisma Finance, with the total value locked (TVL) on its protocol plummeting from $220 million to a mere $87 million. This incident serves as a stark reminder of the vulnerabilities inherent in the DeFi sector and the imperative for rigorous security protocols.

The Prisma Finance exploit narrative is evolving, with the DeFi community closely watching how this high-stakes standoff will unfold. It raises critical questions about transparency, security, and the ethical responsibilities of both developers and those who find themselves in a position to exploit vulnerabilities. As the situation continues to develop, there are broader implications for the DeFi ecosystem and the trust of its users.

