Prisma Finance Experiences $11 Million Hack Involving FixedFloat Exchange

Prisma Finance Falls Victim to $11 Million Hack Involving FixedFloat Exchange


By Hassan Shittu
Updated:
March 28, 2024 12:00 EDT
|
2 min read


Prisma Finance, a prominent decentralized finance (DeFi) protocol, has been targeted in a sophisticated cyber attack connected to the FixedFloat exchange, resulting in a loss of $9 million.
The protocol team has acknowledged the breach and has temporarily halted the DeFi protocol to conduct a thorough investigation into the incident.
Prisma Finance Hit by $11 Million Exploit, Confirmed by Security Firms
Cyvers, a Web3 cybersecurity firm that first detected suspicious transactions involving Prisma Finance, revealed that the attacker, allegedly backed by FixedFloat, carried out multiple transactions that led to the theft of 1,965.39 wrapped staked Ethereum (wstETH), initially valued at approximately $9 million.
Blockchain security firm PeckShield has verified the attack and stated that Prisma mkUSD and wrapped stETH were among the assets stolen.
Subsequently, the attackers converted these assets into Ethereum (ETH), demonstrating a deliberate and targeted approach to exploiting vulnerabilities within the platform.
Following the initial alert, PeckShield issued another warning on X, stating that they had detected an additional $1 million in fraudulent transactions, bringing the total stolen funds to nearly $11 million. They also noted that the attack is ongoing, with the total loss now standing at around ~3,257.7 ETH (equivalent to ~$11.6 million).
PeckShield advised vault owners to remain vigilant and follow official notifications to avoid falling victim to scams. They also cautioned users about other scammers attempting to take advantage of the situation, highlighting the existence of a fraudulent Prisma Finance account with a golden badge that is attempting to mislead users with a suspicious link.
Prisma Finance Responds to Potential Exploit as DeFi Sector Continues to Face Challenges
In response, Prisma Finance took to X to provide an update on the situation for its followers. The team stated that they would pause the protocol to conduct a thorough investigation with the help of their core engineers and contributors. Additionally, Prisma urged users to revoke all connections to prevent any further loss of funds.
It is worth noting that Prisma Finance is a decentralized liquid staking token protocol with a total value locked (TVL) of over $222 million, as reported by DefiLlama.
According to a report by Immunefi, a Web3 bug bounty and security services platform, the crypto industry has suffered losses of $336.3 million due to hacks and scams in the first quarter.
Immunefi further highlighted that DeFi platforms, which account for almost $100 billion of the total value locked in web3 protocols, remain attractive targets for hackers. Notably, all exploits identified by Immunefi in Q1 were directed at DeFi platforms, while centralized (CeFi) platforms experienced no exploits during the same period.
Despite the significant losses, $73.9 million (22%) of the stolen funds have been successfully recovered from seven exploits. Additionally, the number of attacks has decreased by 17.6%, dropping from 74 in Q1 2023 to 61 in Q1 of this year.
While the $336.3 million in losses is a substantial amount, it represents a notable 23.1% decrease compared to the losses of $437.5 million reported in the same quarter last year.
Follow Us on Google News