Prisma Finance recently experienced a hack that resulted in a loss of $11.6 million, prompting the platform to temporarily pause its operations on March 28. The exploit on the decentralized finance (DeFi) protocol was executed through a flaw in the migration zap contract, leading to the theft of approximately $10 million worth of cryptocurrencies, including wrapped-staked Ethereum (wstETH). Despite this setback, the core functionality of Prisma Finance was not compromised, as the issue was confined to a specific component of the protocol. Efforts to track and recover the stolen funds were complicated by the swift conversion of the assets to Ethereum (ETH).
In response to the breach, Prisma Finance enacted an emergency pause on all trove managers to halt borrowing activities and prevent new liquidity from entering the protocol. The DAO then launched a governance vote, which will conclude on April 7, to determine whether to resume borrowing activities on Prisma. As of the latest update, the proposal has received unanimous support from participating DAO members, indicating strong community backing. Users are advised to revoke delegate approvals for open positions to mitigate the risk of fund loss once the protocol is unpaused. Prisma Finance has identified 14 accounts that have yet to revoke the affected smart contracts, potentially exposing them to a combined loss of $540,000.
Frank Olson, a core contributor to Prisma Finance, presented a plan on April 3 to safely unpause the protocol and resume functionalities such as the ability for users to deposit liquid staking tokens (LSTs) and liquid restaking tokens (LRTs) to borrow overcollateralized stablecoins. Unpausing the protocol is deemed crucial for the recovery process and reinstating normal operations, including vault management and deposits into the Stability Pool. Prisma Finance is committed to enhancing security measures through continuous auditing services, bug bounty programs, and overall security enhancements to prevent future exploits.
To address the exploit and reduce the risk of similar incidents in the future, Prisma Finance has proposed several key measures. These measures include a significant reduction in the protocol-owned liquidity (POL) by decreasing the weekly POL amount from $40,000 to $0 and halving the weekly distribution amount allocated to vePRISMA holders from $160,000 to $80,000. These changes are not intended to be permanent but are deemed necessary in the current situation. Prisma Finance plans to revisit these parameter changes one week after passage as new information becomes available. The platform is committed to maintaining transparency and taking proactive steps to improve its security infrastructure.
In an effort to cautiously restart operations following the hack, Prisma Finance is seeking consensus through an ongoing community vote to reinstate borrowing capabilities on the platform. The success of the vote will determine whether users can once again deposit LSTs and LRTs and borrow overcollateralized stablecoins. The platform remains dedicated to addressing the aftermath of the exploit and implementing measures to enhance security and protect user funds. Prisma Finance’s response to the hack exemplifies its commitment to transparency, community engagement, and continuous improvement to ensure the resilience and integrity of the protocol in the face of unforeseen challenges.
