Prisma Finance recently revealed a strategy for resuming operations after a hack that resulted in a loss of $11.6 million, causing the platform to be temporarily paused on March 28. The restarting of borrowing capabilities on Prisma will depend on achieving consensus through an ongoing community vote. The exploit at Prisma Finance was executed through a flaw in the migration zap contract, resulting in the theft of approximately $10 million worth of cryptocurrencies, including wrapped-staked Ethereum (wstETH). The stolen assets were quickly converted to Ethereum (ETH), making it difficult to track and recover the funds. Despite this breach, the core functionality of Prisma Finance remained intact, as the issue was isolated to the migration zap contract and did not compromise the entire protocol.
Following the hack, Prisma Finance took immediate action by implementing an emergency pause on all trove managers to halt borrowing activities and prevent new liquidity from being introduced into the protocol. The Prisma Finance DAO initiated a four-day governance vote to decide on resuming borrowing activities, which is set to conclude on April 7. The proposal to resume borrowing activities has received unanimous support from participating DAO members, with a 100% “Yes” vote indicating strong community support. However, users are advised to revoke delegate approvals for open positions as the unpause may carry a risk of fund loss. The protocol had previously identified 14 accounts that had yet to revoke the affected smart contract, potentially exposing them to a combined loss of $540,000.
On April 3, core contributor Frank Olson presented a plan to safely unpause the Prisma protocol, allowing users to once again deposit liquid staking tokens (LSTs) and liquid restaking tokens (LRTs) and borrow overcollateralized stablecoins. Unpausing the protocol is considered essential for the recovery process and reinstating normal operations, including full Vault management and deposits into the Stability Pool. Prisma Finance has committed to enhancing security measures, such as continuous auditing services, bug bounty programs, and overall security enhancements. The protocol also outlined immediate response and forthcoming steps to address the exploit, including a reduction in protocol-owned liquidity and adjustments to stakeholder distributions to mitigate the impact of the hack.
The Prisma Finance community is currently participating in a Snapshot vote to decide on reenabling the ability for users to deposit LSTs & LRTs and borrow overcollateralized stablecoins, as part of the process to unpause the platform. Despite the hack and the subsequent loss of funds, Prisma Finance remains focused on recovery and strengthening security measures to prevent similar incidents in the future. The protocol is committed to revisiting parameter changes as new information emerges about the situation, with the intention that the proposed adjustments are temporary and necessary for the current situation. Prisma Finance acknowledges the importance of community involvement and support in navigating through the aftermath of the hack and ensuring the sustainability and security of the platform for all users.
