Prisma Finance, a DeFi protocol, suffered a substantial security breach that resulted in a loss of over $11 million when an attacker exploited a vulnerability in its system. The hacker, who commandeered 3,257.57 ETH, has now come forward with a set of peculiar demands, offering to return the stolen funds if they are met. In an unprecedented twist, the cybercriminal insists that the Prisma team publicly disclose their identities and reveal the auditor of their code. This incident marks a notable moment in crypto security breaches.
Breaking Down the Heist
After the cyber theft, Prisma Finance took immediate action to mitigate further damage, urging users to revoke their delegate approvals and commencing a security audit. The issue was traced back to a critical flaw in two specific contracts within the protocol. The attacker has taken on the moniker of a “White Hacker” and has also called for the protocol to strengthen its security framework.
Hacker’s Uncommon Negotiation Tactics
The hacker’s proposition to the Prisma Finance team includes a requirement to rebrand the incident, removing terms like ‘attack’ and ‘attacker’ from official communications. The hacker chastised the team for their oversight and highlighted the incident as a learning opportunity for the DeFi community. If it meets these conditions, Prisma Finance could see a majority of the stolen assets returned, with the promise that the precise details of the restitution would be discussed in an online conference and communicated via email.
The community is watching as Prisma Finance navigates this unconventional scenario, which has evolved into a protest rather than a routine hack. Many protocols incentivize the discovery of vulnerabilities through bounty programs to avoid such confrontations, rewarding developers for enhancing security rather than exploiting it. However, this case has raised eyebrows due to the hacker’s extraordinary terms.
The Prisma Finance hack not only highlights the ever-present risks within the DeFi space but also showcases the unique dialogue that can occur between hackers and their targets. The outcome of this affair may set a precedent for how similar situations are handled in the future.