Prisma Finance, a decentralized finance (DeFi) protocol, fell victim to an exploit on March 28, resulting in the theft of approximately $10 million worth of cryptocurrencies. The anomaly was first detected by on-chain security alert provider Cyvers, who reported multiple suspicious transactions involving PrismaFi. It was revealed that the attacker had been funded by FixedFloat. Shortly after the initial alert, Cyvers identified an additional $1 million in fraudulent transactions, bringing the total amount of exploited funds close to $10 million.
In response to the incident, Prisma Finance announced that its core engineers and contributors would temporarily pause the protocol to conduct an investigation. According to DefiLlama, Prisma has a total value locked (TVL) of over $222 million.
Following the exploit, the attacker promptly began swapping the stolen funds for Ether. On-chain security firm PeckShield confirmed that the attack was ongoing. In addition, PeckShield’s analysis revealed that other scammers were attempting to take advantage of the situation. A scam Prisma Finance account, falsely claiming affiliation with the project, was found redirecting users to a suspicious link. It is important to note that this fraudulent account has no connection to Prisma Finance.
The incident adds to the growing number of crypto hacks and scams, which continue to undermine the industry’s legitimacy. According to blockchain security firm Immunefi, more than $200 million worth of crypto has been lost to hacks and rug pulls in 2024. This represents a 15.4% increase compared to the same period in 2023, when $173 million was stolen. In total, $1.8 billion was lost to crypto hacks and scammers in 2023, with the North Korean Lazarus Group being responsible for 17% of the total losses, as reported by Immunefi.
The exploit of Prisma Finance serves as a reminder of the ongoing challenges faced by the cryptocurrency industry in terms of security and trust.