In a recent cyber attack, Prisma Finance, a decentralized finance (DeFi) protocol known for its stablecoins supported by Ethereum liquid staking and re-staking tokens (LRTs), suffered a significant loss of approximately $12 million. The exploit, which occurred on March 28, 2024, has raised concerns about the security of DeFi platforms and the need for robust defenses against such attacks.
The Vulnerability and Exploitation
The attackers targeted a vulnerability within the Prisma Finance MigrateTroveZap contract. This contract failed to validate data from onFlashloan() operations, allowing the attackers to manipulate the migration process. Here’s how the attack unfolded:
- Exploitation: Because the MigrateTroveZap contract did not validate the data it received in onFlashloan(), the attackers were able to manipulate the migration process, resulting in the loss of assets.
- Flash Loans: The attackers used multiple flash loan transactions to siphon off 2,821.3 Wrapped Staked Ether (wstETH).
- Asset Swap: The stolen wstETH was swiftly swapped for 3,257.69 Ether (ETH), valued at approximately $11.6 million at the time of the attack.
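The article does not reproduce the contract's code, so the following is an added sketch, not Prisma Finance's code, of the checks a flash-loan callback needs before it acts on its payload. It assumes an ERC-3156-style lender interface; the contract, struct, event and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration: every contract, struct and function name here is hypothetical.
interface IERC20 { function approve(address spender, uint256 value) external returns (bool); }
interface IERC3156FlashBorrower {
    function onFlashLoan(address initiator, address token, uint256 amount,
                         uint256 fee, bytes calldata data) external returns (bytes32);
}
interface IERC3156FlashLender {
    function flashLoan(IERC3156FlashBorrower receiver, address token,
                       uint256 amount, bytes calldata data) external returns (bool);
}

contract GuardedMigrationZap is IERC3156FlashBorrower {
    struct Migration { address account; address fromManager; address toManager; }
    bytes32 private constant CALLBACK_SUCCESS = keccak256("ERC3156FlashBorrower.onFlashLoan");
    IERC3156FlashLender public immutable lender; // the only lender this zap trusts
    bytes32 private pendingHash;                 // commitment to the request in flight
    event MigrationValidated(address indexed account, address fromManager, address toManager);

    constructor(IERC3156FlashLender lender_) { lender = lender_; }

    // The migrated account is always msg.sender, never a caller-supplied address.
    function migrate(address token, uint256 debt, address fromManager, address toManager) external {
        require(pendingHash == bytes32(0), "migration in progress");
        bytes memory data = abi.encode(Migration(msg.sender, fromManager, toManager));
        pendingHash = keccak256(data);
        require(lender.flashLoan(this, token, debt, data), "flash loan failed");
        pendingHash = bytes32(0);
    }

    function onFlashLoan(address initiator, address token, uint256 amount,
                         uint256 fee, bytes calldata data) external returns (bytes32) {
        require(msg.sender == address(lender), "untrusted lender");      // who is calling back
        require(initiator == address(this), "loan not started by zap");  // who requested the loan
        require(keccak256(data) == pendingHash, "payload not committed"); // payload built by migrate()
        Migration memory m = abi.decode(data, (Migration));
        emit MigrationValidated(m.account, m.fromManager, m.toManager);
        // Protocol-specific position moves for m.account would run here (out of scope).
        require(IERC20(token).approve(msg.sender, amount + fee), "approve failed"); // repayment pull
        return CALLBACK_SUCCESS;
    }
}
```

The three `require` checks in the callback tie the payload to a request that the zap itself built for `msg.sender`, so data supplied through a loan started by anyone else is rejected before any position is touched.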
Prisma Finance’s Response
The Prisma Finance team promptly responded to the incident. The protocol was paused by its emergency multi-signature wallet, ensuring the safety of the remaining funds. Fortunately, mkUSD and ULTRA stablecoins remain overcollateralized and are not at risk.
Next Steps
Prisma Finance aims to publish a detailed post-mortem on the incident and explore avenues to retrieve the stolen funds.
Jude Blair is a blockchain news writer at Crypto Quill.