Prisma Finance Hacked: Hacker Demands Apology and Offers to Return $11M

March 31, 2024 | by


Recently, Prisma Finance, a prominent liquid staking protocol, fell victim to a hack resulting in the loss of $11 million. What sets this incident apart, however, is the hacker’s unexpected demands. Claiming to be a white-hat hacker – one who identifies vulnerabilities and aids in their resolution – the hacker has proposed a unique set of conditions for returning the stolen funds. These conditions include a public apology from the Prisma Finance team, an online press conference to address users and investors, and recognition of the hacker’s assistance in fixing the security breach. This unusual demand has sparked controversy within the decentralized finance community, raising questions about the ethics and implications of publicly acknowledging and commending a hacker for hacking into a system. As the situation unfolds, the wider DeFi community eagerly watches, realizing that the resolution of this incident will set a standard for future approaches to security breaches.

95paON4hdScokCN81ZxAmvSwy3KpQiLRNGBF4qemM 복사본

Unusual demands by a hacker

The recent hack of Prisma Finance, a prominent liquid staking protocol in the decentralized finance (DeFi) sector, has brought to light some peculiar demands made by the hacker responsible for the breach. Referring to themselves as a white-hat hacker, which typically denotes ethical hackers who aim to identify and fix vulnerabilities, this individual has outlined certain conditions under which they are willing to return the stolen $11 million. These conditions include Prisma Finance holding an online press conference, where they openly state their names, apologize to users and investors, and commend the hacker for their role in uncovering and addressing the security breach. This demand has sparked controversy within both the broader DeFi community and Prisma Financial’s own community, as it raises questions about the protocol’s ability to detect vulnerabilities and serves as a potential warning for others in the DeFi industry.

Controversy surrounding the hacker’s demands

The hacker’s demand for an online press conference has raised eyebrows and divided opinions within the DeFi community. Some argue that public acknowledgment of the vulnerability and the hacker’s contribution in fixing it could serve as a deterrent for potential attackers, as well as foster transparency and accountability within the industry. Others, however, question the ethics of publicly commending a hacker for their illegal activities, as it may send the wrong message and incentivize similar actions in the future. The controversy surrounding these demands has highlighted the complex nature of addressing security breaches in the DeFi sector and the need for careful consideration of the implications of various responses.

Screenshot 2024 01 08 192459 1

Online press conference requirement

The hacker’s insistence on an online press conference as part of their conditions for returning the stolen funds adds an interesting twist to the situation. By requesting that Prisma Finance publicly apologize and commend them, the hacker is positioning themselves as a benevolent force, claiming to have hacked for the greater good and to expose vulnerabilities in the protocol. This requirement puts Prisma Finance in a difficult position, as they must weigh the potential benefits of meeting the hacker’s demands against the potential negative consequences of legitimizing their actions. Deciding whether or not to comply with this request will likely require careful deliberation and consultation with legal and PR professionals.

Apology and commendation for the hacker

One of the hacker’s demands is for Prisma Finance to openly apologize to users and investors, as well as commend the hacker for their role in fixing the security breach. While apologizing for the breach is a standard response in such situations, the idea of publicly commending the hacker introduces an unusual element to the equation. Publicly recognizing and praising the hacker’s actions could be seen as an acknowledgement of their illegal activities and potentially set a problematic precedent. Prisma Finance must carefully consider the potential consequences and ethical implications of such an action before making a decision.

Criticism of Prisma Finance for not detecting the vulnerability

The hack of Prisma Finance has also drawn criticism towards the protocol for failing to detect the vulnerability that was exploited by the hacker. Some argue that a protocol of Prisma Finance’s stature should have robust security measures in place to prevent such breaches. The fact that the vulnerability was not detected raises concerns about the overall security posture of the protocol and its potential impact on users and investors. While it is impossible to eliminate all vulnerabilities, particularly in a rapidly evolving industry like DeFi, the incident highlights the need for constant vigilance and the development of robust security practices within the sector.

Prisma Finance’s response to the hack

In response to the hack, Prisma Finance has taken immediate action to address the situation and mitigate any potential damage. As a first step, the protocol has temporarily ceased its operations to allow for a thorough analysis of the breach. This analysis has revealed that the vulnerability exploited by the hacker was due to inadequate input validation on a specific smart contract function. To rectify this issue, the Prisma Finance team is working diligently to patch the vulnerability and ensure that it does not recur. The team’s top priority at the moment is to retrieve the stolen funds and safeguard the interests of investors and users.

Temporary cessation of protocol operations

Upon discovering the hack, Prisma Finance made the decision to temporarily halt its protocol operations. This proactive response allows the team to focus on investigating the breach and implementing necessary measures to close the vulnerability. By pausing protocol operations, Prisma Finance demonstrates its commitment to resolving the issue promptly and ensuring the safety of its users and investors.

Identification and rectification of the vulnerability

Following the thorough analysis of the hack, Prisma Finance has identified the specific vulnerability that was exploited. This vulnerability was a result of inadequate input validation on a particular smart contract function. Recognizing the importance of addressing this issue promptly, the Prisma Finance team is actively working on rectifying the vulnerability to prevent any future breaches. By identifying and fixing the vulnerability, Prisma Finance aims to enhance the security of its protocol and restore confidence among its user base.


Retrieval of investors’ money

Prisma Finance understands the gravity of the financial loss experienced by its investors due to the hack. As part of their response, the protocol is actively working to retrieve the stolen funds and return them to their rightful owners. This process involves collaboration with relevant authorities, blockchain experts, and potentially other entities involved in the recovery of stolen cryptocurrency. Prisma Finance is committed to ensuring that its investors are made whole again and that appropriate measures are taken to prevent similar incidents in the future.

Relaunching the protocol

Once the vulnerability has been rectified and the stolen funds have been retrieved, Prisma Finance intends to relaunch its protocol. This relaunch will only occur once the team is confident in the security measures implemented and is satisfied that the protocol is robust enough to withstand potential attacks. By relaunching the protocol, Prisma Finance aims to demonstrate its resilience and commitment to its users and investors. The relaunched protocol will incorporate the lessons learned from the breach, further enhancing its security and mitigating the risk of future hacks.

Skepticism and strategy

The hacker’s actions, including the transfer of a substantial amount of Ether to the address of the Blockchain mixing service Tornado Cash, have sparked speculation about their motives. This transfer raises questions about the hacker’s true intentions and whether they are solely focused on exposing vulnerabilities or have ulterior motives. The involvement of Tornado Cash, known for its role in obfuscating the origin of cryptocurrency transactions, adds a layer of complexity to the narrative and associates the hacker with potentially malicious activities. Users of Prisma Finance have expressed concern about the hacker’s activities, as their actions seem to oscillate between beneficial and malicious intent.

Transfer of funds to Tornado Cash

The transfer of a significant amount of Ether to the address of Tornado Cash, a popular Blockchain mixing service, has raised eyebrows within the DeFi community. Tornado Cash is known for its ability to obscure the origin of cryptocurrency transactions, making it difficult to trace funds. This transfer has led to speculation and skepticism about the hacker’s true intentions and motivations. While it is unclear why the funds were transferred to Tornado Cash, it adds a layer of complexity to the situation and creates uncertainty about the hacker’s ultimate goals.

Speculations about the hacker’s motives

The transfer of funds to Tornado Cash has given rise to speculations about the hacker’s motives. Some believe that the hacker’s actions are driven purely by the desire to expose vulnerabilities in Prisma Finance and the wider DeFi sector. They see the transfer to Tornado Cash as a means of preserving anonymity and distancing themselves from any potential legal repercussions. Others, however, view the transfer as evidence of potentially malicious intent, suggesting that the hacker may be involved in illicit activities or seeking personal gain. The true motives of the hacker remain unknown and continue to be a subject of speculation and debate within the DeFi community.

User concerns about the hacker’s activities

The actions of the hacker have understandably raised concerns among users of Prisma Finance. The transfer of funds to Tornado Cash, along with the other demands made by the hacker, have left users questioning the hacker’s true intentions and the potential impact on their investments. Users are concerned about the security of their funds and the overall stability of the DeFi sector. The uncertainty surrounding the hacker’s activities and motives underscores the need for enhanced security measures and increased vigilance within the DeFi community.

DeFi Struggles

The hack of Prisma Finance and the subsequent demands made by the hacker shed light on the ongoing security issues within the DeFi sector. While this is not the first instance of a hack in the DeFi space, the nature of this particular breach presents unique challenges and ethical dilemmas. The incident raises questions about the appropriate response to such attacks, the role of hackers in identifying vulnerabilities, and the potential consequences of publicly commending them. It also highlights the need for heightened security measures and continuous efforts to ensure the integrity and resilience of DeFi protocols.

Security issues in the DeFi sector

The hack of Prisma Finance serves as a stark reminder of the security vulnerabilities that exist within the DeFi sector. Despite efforts to implement robust security measures, the constantly evolving nature of DeFi protocols presents ongoing challenges in identifying and addressing potential vulnerabilities. The existence of hackers who exploit these vulnerabilities further underscores the need for increased security measures and proactive risk mitigation strategies. The incident serves as a wake-up call for the DeFi community, emphasizing the importance of prioritizing security and adopting best practices to safeguard user funds and maintain market confidence.

Unprecedented challenges and ethical dilemmas

The hack of Prisma Finance has brought about a set of unprecedented challenges and ethical dilemmas for the DeFi sector. The hacker’s demands, particularly the requirement for public acknowledgment and commendation, pose a dilemma for protocols like Prisma Finance. Publicly praising a hacker for illegal activities raises ethical concerns and could incentivize similar attacks in the future. However, the need for transparency, accountability, and lessons learned from such breaches is also crucial for the development and maturation of the DeFi industry. Striking a balance between addressing security concerns and promoting responsible behavior within the DeFi community is a complex challenge that requires careful consideration and collaboration among industry participants.

Observations and implications for the DeFi community

The hack of Prisma Finance and the subsequent events surrounding it have significant implications for the DeFi community. The incident highlights the ever-changing and evolving nature of the DeFi sector, with new security challenges and risks emerging regularly. It underscores the importance of constant vigilance, thorough security audits, and the adoption of best practices to mitigate potential vulnerabilities. Additionally, the ethical dilemmas presented by the hacker’s demands raise questions about how the DeFi community should address security breaches and respond to hackers in a manner that promotes transparency, accountability, and responsible behavior. This incident serves as a learning opportunity for the DeFi community as it navigates the complexities of the evolving landscape and works towards establishing industry standards that prioritize security, resilience, and user trust.

420975661 930960805057803 3457597750388070468 n


View all

view all