Prisma Finance Suffers $11 Million Hack Involving FixedFloat Exchange

03/28/2024 23:00
Prisma Finance Suffers $11 Million Hack Involving FixedFloat Exchange

Prisma Finance was the victim of a sophisticated hack involving FixedFloat, which resulted in a loss of $9 million.

Hassan Shittu

Last updated: | 2 min read

Prisma Finance Faces $9 Million Hack Involving FixedFloat Exchange

Prisma Finance, a leading decentralized finance (DeFi) protocol, was the victim of a sophisticated hack involving the FixedFloat exchange, which resulted in a loss of $9 million.

The protocol team has acknowledged the breach, and their engineers have already halted the DeFi protocol to investigate the attack.

Prisma Finance Hit by $11 Million Exploit, Security Firms Confirm

🚨UPDATE🚨Our system has detected multiple suspicious transactions with @PrismaFi and still ongoing!

Total loss so far is around $9M. Attacker has funded by @FixedFloat!

Our system has detected the malicious contract 2 min earlier than hack transactions!👇

Our system would… https://t.co/9myoV8DL22 pic.twitter.com/SxT5yYZy7U

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) March 28, 2024

According to Cyvers, a Web3 cybersecurity firm that was the first to detect suspicious transactions involving Prisma Finance, the attacker, allegedly funded by FixedFloat, executed multiple transactions resulting in the theft of 1,965.39 wrapped staked Ethereum (wstETH), initially valued at around $9 million.

Blockchain security firm PeckShield confirmed the attack, indicating that Prisma mkUSD and wrapped stETH were among the stolen assets.

Hi @PrismaFi, you may want to a look (w/ $8.1m) pic.twitter.com/VQ8tnv6dYW

— PeckShield Inc. (@peckshield) March 28, 2024

Subsequently, the attackers converted these assets to Ethereum (ETH), indicating a calculated and targeted approach to exploiting vulnerabilities in the platform.

Following the initial alert, PeckShield, in another alert on X, stated that an additional $1 million in fraudulent transactions was detected, bringing the total stolen funds close to $11 million, “the attack is ongoing, with the total loss now increased to ~3,257.7 ETH (worth ~$11.6 million).”

#PeckShieldAlert The attack is ongoing, with the total loss now increased to ~3,257.7 $ETH (worth ~$11.6 million)
To vault owners, please follow up on notifications from the official source and be cautious about scams pic.twitter.com/5HYGYCROIP

— PeckShieldAlert (@PeckShieldAlert) March 28, 2024

PeckShield urged vault owners to stay vigilant and follow official notifications to avoid scams. They also warned of other scammers attempting to exploit the situation, noting the presence of a fraudulent Prisma Finance account with a golden badge trying to mislead users with a suspicious link.

Prisma Finance Responds to Possible Exploit as DeFi Sector Continues to Face Challenges

We are aware of a possible exploit on Prisma.

Core engineering contributors will pause the protocol and investigate.

We'll share an update and a post-mortem.

— Prisma Finance (@PrismaFi) March 28, 2024

In response, Prisma Finance engaged with its followers on X to provide an update on the situation. Prisma Finance stated that its core engineers and contributors would pause the protocol to conduct a thorough investigation. Moreover, Prisma urged its users to revoke all connections to prevent the loss of funds.

Due to the recent exploit, Prisma urges all users to revoke all connections to prevent loss of funds 🚨

All users who connected their wallets to the platform are at risk of future fund loss.

Check exposure to the exploit and revoke now 🔒

Revoke Now ⤵️https://t.co/KdL81iGL1M

— Prisma Finance (@ernanaa) March 28, 2024

Notably, Prisma Finance is a decentralized liquid staking token protocol with a total value locked (TVL) of over $222 million, as reported by DefiLlama.

According to a Web3 bug bounty and security services platform Immunefi report, the crypto industry has clocked up $336.3 million in losses due to hacks and scams during the first quarter.

According to Immunefi, DeFi platforms, which account for nearly $100 billion of total value locked in web3 protocols, remain prime targets for hackers. Notably, all exploits identified by Immunefi in Q1 targeted DeFi, while centralized (CeFi) platforms experienced zero exploits during the same period.

Despite the significant losses, $73.9 million (22%) of the stolen funds were successfully recovered from seven exploits. Additionally, attacks decreased by 17.6%, from 74 in Q1 2023 to 61 in Q1 this year.

While the $336.3 million in losses represents a substantial figure, it marks a notable 23.1% decrease compared to losses of $437.5 million reported in the same quarter last year.

Read more --->