Prisma Finance Hacked for $11 Million

Prisma Finance Falls Victim to $11 Million Attack

According to cybersecurity firm Web3 Cyvers, which was the first to detect suspicious transactions related to Prisma Finance, the attacker, allegedly sponsored by FixFloat, executed multiple transactions aiming to steal 1,965.39 Ethereum (wstETH) initially valued at around $9 million.

🚨UPDATE🚨Our system has detected multiple suspicious transactions with @PrismaFi and still ongoing!

Total loss so far is around $9M. Attacker has funded by @FixedFloat!

Our system has detected the malicious contract 2 min earlier than hack transactions!👇

Our system would… https://t.co/9myoV8DL22 pic.twitter.com/SxT5yYZy7U

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) March 28, 2024

Blockchain security company PeckShield confirmed the attack, stating that Prisma’s wrapped assets mkUSD and stETH were among the stolen assets. Subsequently, the hacker converted these assets into Ethereum (ETH), indicating calculated actions aimed at exploiting vulnerabilities in the platform.

Following the initial alert, PeckShield discovered an additional $1 million fraudulent transaction, raising the total stolen amount to nearly $11 million, warning of “an ongoing attack, with the total damages now escalating to ~3,257.7 ETH (valued at ~$11.6 million).”

PeckShield urged wallet owners to remain vigilant and adhere to official notifications to avoid scams. They also warned of other fraudsters taking advantage of the situation, pointing out the presence of a fake Prisma account attempting to deceive users with suspicious links.

#PeckShieldAlert The attack is ongoing, with the total loss now increased to ~3,257.7 $ETH (worth ~$11.6 million)
To vault owners, please follow up on notifications from the official source and be cautious about scams pic.twitter.com/5HYGYCROIP

— PeckShieldAlert (@PeckShieldAlert) March 28, 2024

In response, Prisma Finance updated users on Twitter regarding the situation. They announced the temporary suspension of the protocol for thorough investigation and advised users to disconnect to prevent further losses.

According to Immunefi, in the first quarter of this year, the cryptocurrency industry suffered $336.3 million in damages due to hacks and scams. Immunefi noted that DeFi, with nearly $100 billion TVL, remains a top target for hackers, while CeFi did not record any exploitation during the same period.

Despite significant losses, $73.9 million (22%) has been successfully recovered after 7 exploit incidents. Additionally, the number of attacks decreased by 17.6% from 74 incidents in Q1/2023 to 61 incidents.

While the $336.3 million loss is substantial, it represents a 23.1% decrease compared to the $437.5 million during the same period last year.

Related: Founder of NFT Collection Milady Targeted by Hacker Attack

Prisma Finance and Price Volatility

Prisma Finance is a decentralized finance (DeFi) protocol that allows users to mint and borrow the stablecoin mkUSD using tokens as collateral assets (LSTs – Liquid Staking Tokens). Currently, Prisma supports 4 types of LSTs that can be used as collateral assets, including: wstETH (Lido), rETH (Rocket Pool), sfrxETH (Frax Finance), and cbETH (Coinbase).

Notably, Prisma Finance is a liquidity-focused collateral token DeFi protocol with a total value locked (TVL) of over $222 million, according to DefiLlama.