$11 600 000 USD

MARCH 2024




"The end game for Liquid (re)Staking Tokens Non-custodial and decentralized Ethereum LST & LRT backed stablecoins"


"Prisma is a decentralized borrowing protocol that allows users to mint a stablecoin, mkUSD, that is fully collateralized by liquid staking tokens.


In addition to the collateral, the loans are secured by a Stability Pool containing mkUSD and by fellow borrowers collectively acting as guarantors of last resort. Learn more about these mechanisms under liquidations.


Prisma as a protocol is non-custodial, immutable, and censorship-resistant. Learn more about the protocol here."


"Prisma LRT by Prisma Finance introduces vaults collateralized with Liquid Restaking Tokens (LRTs)" "Earn yield on your mkUSD’s via Prisma’s Stability Pool or on other DeFi apps such as Curve and Convex."


"Prisma enables users to mint a stablecoin, mkUSD, that is fully collateralized by liquid staking tokens. The stablecoin will be incentivized on Curve and Convex Finance to create a capital-efficient flywheel where users can receive trading fees, CRV, CVX, and PRISMA on top of their Ethereum staking rewards.


The Prisma codebase is completely immutable, based on Liquity, creating a robust protocol and truly decentralized stablecoin with favorable and flexible collateral parameters. These features make it attractive for those wanting to get the best out of their LSTs without tail risks from other stablecoins. The Prisma DAO will be in charge of parameters, emissions, and protocol fees."


"Prisma's codebase has received multiple audits from top firms. Our codebase is immutable and without proxies, as DeFi should be."


"The first batch of malicious transactions occurred at 11:29 am UTC on March 28. Prisma Finance is still investigating the root cause of the attack.


Blockchain security firm PeckShield estimated about $11.6 million was stolen and sent to three separate addresses.


The hacker then started swapping the stolen funds to Ether (ETH), according to blockchain security firm Cyvers. PeckShield later observed about 200 Ether was transferred to OFAC-sanctioned cryptocurrency mixer Tornado Cash."


"As shown by PeckShield’s above image, other scammers are trying to benefit from the exploit. Under the official Prisma Finance announcement, a scam Prisma Finance account with a golden badge is trying to redirect users to a suspicious link. On closer inspection, it can be seen that the fraudulent account has no connection to Prisma Finance."


"The protocol suffered a multimillion-dollar exploit on March 28, which was later revealed to be the result of two MigrateTroveZap contracts, which were designed to migrate user positions from one trove manager to another, according to a post-mortem post from Prisma last updated on March 31."


"Prisma Finance deployed a contract called MigrateTroveZap to facilitate trove owners migrating their Troves (collateralized debt positions) to new TroveManager contracts. This was part of a broader system upgrade announced in March 2024.


As part of these updates, Prisma deprecated the original 4 LST (Liquid Staking Token) Vaults with a 4% interest rate cap, replacing them with new LST Vaults, allowing for higher rates. The 3 LRT (Liquid Restaking Token) Vaults were also deprecated and replaced with new versions optimized for more efficient redemptions.


Prisma built the MigrateTroveZap helper contract to ensure a smooth transition, enabling trove owners to seamlessly move their Trove positions from the old TroveManager contracts to the new ones without needing to close positions, remove liquidity, or incur additional costs. The contract uses flash loans to close the user's old Trove and immediately open a new Trove with the same collateral and debt in the new TroveManager, all in one atomic transaction.


These changes followed Prisma's standard DAO governance process, with the migration starting with the deployment of the MigrateTroveZap contract on March 20th, 2024, and the first trove owners migrating Troves using the helper contract from March 23rd onwards."
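The migration flow described in the quote above, modelled as an added example (not code from Prisma or from this page): a toy `TroveManager` ledger and a `migrate` function that either moves the position intact or reverts every change. All class, function and parameter names and the sample figures are assumptions, and no flash-loan fee is modelled.

```python
import copy

class TroveManager:
    """Toy ledger mapping owner -> (collateral, debt); not Prisma's contract."""
    def __init__(self, min_ratio):
        self.min_ratio = min_ratio      # required collateral value / debt
        self.troves = {}

    def open_trove(self, owner, collateral, debt, price):
        if collateral * price < debt * self.min_ratio:
            raise ValueError("below minimum collateral ratio")
        self.troves[owner] = (collateral, debt)
        return debt                     # stablecoin minted to the opener

    def close_trove(self, owner, repayment):
        collateral, debt = self.troves[owner]
        if repayment != debt:
            raise ValueError("debt must be repaid in full")
        del self.troves[owner]
        return collateral               # collateral released to the closer

def migrate(owner, old, new, price, liquidity):
    """Move owner's trove old -> new, all or nothing (no fee modelled)."""
    snapshot = copy.deepcopy((old.troves, new.troves))
    try:
        collateral, debt = old.troves[owner]
        if debt > liquidity:
            raise ValueError("flash loan exceeds lender liquidity")
        borrowed = debt                                   # 1. flash-borrow the debt
        released = old.close_trove(owner, borrowed)       # 2. repay, close old trove
        minted = new.open_trove(owner, released, debt, price)  # 3. reopen position
        if (released, minted) != (collateral, debt):      # 4. position preserved?
            raise RuntimeError("migration changed the position")
        return liquidity - borrowed + minted              # 5. repay the flash loan
    except Exception:
        old.troves, new.troves = snapshot                 # revert every state change
        raise

def run_demo():
    """Constructed scenario: one successful and one reverted migration."""
    old, new, strict = TroveManager(1.2), TroveManager(1.2), TroveManager(2.0)
    old.open_trove("alice", 10, 10_000, price=1_500)     # ratio 1.5
    old.open_trove("bob", 10, 10_000, price=1_500)
    liquidity = migrate("alice", old, new, 1_500, 50_000)
    try:
        migrate("bob", old, strict, 1_500, 50_000)        # 1.5 < 2.0: reverts
    except ValueError:
        pass
    return liquidity, new.troves.get("alice"), old.troves.get("bob"), strict.troves
```

In the reverted case the old trove is restored exactly as it was, which is the property "one atomic transaction" is meant to give.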


"“Hi, this is a whitehat rescue, who can I contact to refund,” the exploiter said on March 28, around 6 hours after the attack. The message came from the address “0x2d4…7507a” — which was earlier identified as being one of three addresses linked to the attack."

Prisma Finance offers a loan-making protocol in which "troves" (collateralized debt positions) can be migrated. Unfortunately, a problem with the MigrateTroveZap contracts used for the migration to new TroveManager contracts allowed a flash loan exploit to take the funds. The attacker initially tried to cash out the funds, then turned around and claimed to be a whitehat hacker. They refused to return the funds until the team behind the protocol disclosed their identities and issued a public apology.


© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.