Prisma Finance Works Toward Exploit Recovery, $540K Vulnerable

Prisma Finance is actively responding to a recent security breach that led to a loss of $11.6 million, focusing on a recovery strategy.

According to a forum post by core contributor “Frank,” the decentralized finance (DeFi) protocol Prisma Finance has outlined its immediate response and forthcoming steps following the hack. Frank stated that $540,000 of the exploited fund is still vulnerable.

“Of the affected Troves several have revoked the contract containing the vulnerability with ~$540k of collateral still at risk at the time of writing,” said Frank.

A path forward after the security incident: https://t.co/JLVHfXvNn4

— Prisma Finance (@PrismaFi) March 31, 2024

Prisma Finance’s Proposal

In response to the exploit, one key aspect of the strategy involves a significant reduction in protocol owned liquidity (POL), by reducing the weekly POL amount from $40k to $0.

Another measure targets the distribution to stakeholders. Frank explained the decision to halve the weekly amount allocated to vePRISMA holders. “Reduce the weekly amount distributed to vePRISMA holders by half, from $160k to $80k,” he noted.

These proposed changes, according to Frank, are not permanent but pivotal for the moment. “As new information comes in about this situation, we will also commit to revisiting these parameter changes 1 week after passage,” he said.

$11.6 Million Hack Involving FixedFloat Exchange

The exploit at Prisma Finance was executed through a flaw in the migration zap contract, leading to a loss of approximately $11.6 million.

This contract was intended for managing transitions between trove managers but was manipulated to extract assets, including wrapped staked Ethereum (wstETH). The stolen assets were swiftly converted to Ethereum (ETH), complicating efforts to track and recover the funds.

The post claimed that the core functionality of Prisma Finance remains unaffected. The issue was confined to a specific component, the migration zap contract, thereby not compromising the entire protocol.

In response to the breach, Prisma Finance enacted an emergency pause on all trove managers. This action has halted all borrowing activities and has prevented any new liquidity from being introduced into the protocol, aiming to stabilize the situation.