Decentralized finance (DeFi) company Prisma Finance says it still has $540,000 in accounts that have not yet revoked the smart contract that led to last week’s $11.6 million breach.
Meanwhile, the self-proclaimed "white hat" hackers behind the breach said they would block the return of funds until the company apologized and revealed the team's identity online.
In a "Way Forward" post on April 1, core contributor "Frank" said that the company will continue to seek the return of funds, but the first priority is to lift the suspension agreement, saying that all users need to ensure that their wallets and The position is protected. Safety first.
According to a recently updated postmortem by Prisma, the protocol suffered a multimillion-dollar attack on March 28, which was later discovered to be the result of two MigrateTroveZap contracts designed to manage user locations from a trove The server will be migrated to another manager on March 31st. However, Frank noted that there are still 14 accounts that have not yet revoked the affected smart contracts, five of which remain “at risk” with total open positions exceeding $500,000. “Several of the affected Troves have withdrawn contracts containing the flaw, leaving approximately $540,000 in collateral at risk at the time of writing.”
Prisma is a decentralized lending protocol that uses “treasures” (Ethereum addresses) where users can withdraw and maintain loans.
The largest "risk" address contained $484,380, while the other four addresses contained $7,120 to $22,080. Frank explained that part of its "path forward" is to "maintain additional reserves" while Prisma attempts to recover the stolen funds.
A new proposal was made on April 1st to reduce POL’s liquidity and vePRISMA’s staking revenue.
Prisma also emphasized that the exploited contract is isolated from the core protocol and plans to restart the contract once remaining user funds are secure. Meanwhile, the self-proclaimed “white hat” accused the DeFi company of failing to act in good faith and claimed that funds would not be returned unless a public apology was made.
Part of the apology included Prisma holding an online meeting where the entire team had to show up with ID and apologize to all users and investors for failing to properly audit its smart contracts.
In an on-chain message on March 30, the attacker wrote:
“At that meeting, you must specifically state the mistake you made, which party audited the smart contract, and your plans to improve security in the future.”
The exploiters also want Prisma to admit they had "no responsibility" in the ordeal and were only trying to help Prisma right her wrongs. However, Prisma fired back, pointing out that the exploiter had yet to return any funds to show sincerity, and the two sides continued to argue in on-chain messages.
"There is little evidence that we can tell whether you sincerely intend to return assets. Most of the true white hats have now returned at least some of their funds." Since the attack, blockchain security firms Cyvers and Peckshield have observed that hackers have begun converting stolen funds into ether, approximately 200 Ethereum was transferred to Tornado Cash, a cryptocurrency mixer approved by the U.S. Treasury Department’s Office of Foreign Assets Control.
According to DefiLlama, Prisma Finance's protocol had a total value locked of around $220 million before the vulnerability was exploited, but that number has plummeted to $87 million.



















