Liquid staking protocol Prisma Finance fell victim to a security exploit on March 28, resulting in nearly $10 million in Prisma mkUSD and wrapped stETH being stolen by hackers.
The breach was initially detected by on-chain security alert provider Cyvers, which promptly flagged multiple suspicious transactions linked to Prisma Finance. The attackers reportedly received initial funding from FixedFloat, leading to a rapid response from the Prisma team to pause the protocol and launch an investigation.
“We are aware of a possible exploit on Prisma. Core engineering contributors will pause the protocol and investigate. We’ll share an update and a post-mortem,” Prisma Finance wrote on X. The team also advises vault owners to revoke delegate approval as a precautionary measure.
The situation escalated as the attackers began converting the stolen funds into Ether, with the total estimated loss reaching approximately 3,257.7 ETH (worth around $11.6 million), as reported by another on-chain security firm, PeckShield.
PeckShield’s alerts also warned of scammers attempting to capitalize on the situation by impersonating Prisma Finance in the aftermath of the exploit announcement.
Prisma Finance operates a decentralized liquid staking token protocol and has been a notable player in the DeFi space with over $222 million in total value locked (TVL). This exploit comes amidst a broader context of increasing security concerns within the cryptocurrency sector, highlighted by a 15.4% rise in hacked funds in the early months of 2024 compared to the same period in 2023, as reported by blockchain security firm Immunefi.
This latest incident adds to the growing tally of crypto heists, which has seen over $200 million lost to hacks and rug pulls in just the first two months of 2024. This marks a concerning trend in the digital asset industry, which suffered a total loss of $1.8 billion to hacks and scams in 2023. North Korean Lazarus Group was responsible for the bulk of these incidents.
