Prisma Finance, a decentralized finance (DeFi) company, has revealed that there is still $540,000 of funds remaining in accounts that have not yet revoked the smart contract responsible for the recent $11.6 million exploit. However, the hacker behind the exploit, who claims to be a “white hat” hacker, has stated that they will not return the funds until Prisma Finance apologizes and reveals the identity of their team online.
In a post titled “path forward,” core contributor “Frank” stated that while they will continue to pursue the return of funds, the top priority is to unpause the protocol. However, they emphasized the need for all users to ensure the safety of their wallets and positions first.
According to a post-mortem report from Prisma, the exploit originated in two MigrateTroveZap contracts, which were designed to migrate user positions from one trove manager to another. Frank noted that 14 accounts still have not revoked the affected smart contract, and five of them remain “at risk,” holding a total of over $500,000 in open trove positions.
Prisma Finance is a decentralized borrowing protocol in which “troves” are Ethereum addresses where users can take out and maintain loans. The largest “at risk” address contains $484,380, while the other four hold amounts ranging from $7,120 to $22,080.
As part of its plan to recover the stolen funds, Prisma intends to conserve additional reserves. It has proposed reducing liquidity from POL and staked revenue from vePRISMA. Prisma emphasized that the exploited contract was isolated from the core protocol and that it plans to restart the protocol once all user funds are secure.
The self-proclaimed “white hat” hacker has accused Prisma Finance of acting in bad faith and has demanded a public apology. The hacker insists that the funds will not be returned until Prisma holds an online conference where the entire team reveals their identities, shows their faces, and apologizes to all users and investors for their failure to properly audit the smart contract. The hacker also wants Prisma to acknowledge that the hacker bears no responsibility in the ordeal and is only trying to help rectify the company’s mistake.
In response, Prisma Finance pointed out that the hacker has not returned any funds to demonstrate good faith either. The two parties have continued to argue through on-chain messages.
Since the attack, blockchain security firms Cyvers and PeckShield have observed that the hacker has started swapping the stolen funds to Ether (ETH), with about 200 ETH transferred to Tornado Cash, the OFAC-sanctioned cryptocurrency mixer.
Before the exploit, Prisma Finance had approximately $220 million in total value locked on its protocol. However, this figure has dropped to $87 million following the incident, according to DefiLlama.