March 28, 2024: After the Storm Comes the Rainbow βοΈπ
Prisma Finance hacked, losses estimated at $9MM
All decent people abhor the too-frequent hacks in DeFi.
In sad news for the beleaguered Flywheel community, still shaken by last yearβs Vyper exploit, Prisma Finance was exploited this morning.
The issue was first reported publicly at 4:33 AM PT by Cyvers, reporting an issue with the TroveManager contract.
The team was quick to provide updates to the community throughout the events. If you havenβt already, disable delegate approval
Official post-mortems have not been issued, but losses are reportedly in the range of $9MM.
The root cause is reportedly a hack of the MigrateTroveZap contract, which the team released recently to urge users upgrade to new vaults
Thankfully for Liquity users, vaults of this manner are unique to Prisma, so the predecessor is apparently unaffected.
Somewhat amusingly, the hacker appears to have also been ripped off, by trying to move funds through MetaMaskβs swap feature.
The $PRISMA token reacted by trading at its usual decline
Prisma stablecoin $mkUSD suffered a little pressure but has mostly been holding peg within its usual range
However, the newer LRT-backed $ULTRA stablecoin is getting hit a bit harder
For the author, an early investor in $PRISMA, itβs a tough blow, but we remain long-term bullish and will continue holding steadfastly. Very sad to see the innovative protocol possibly becoming a victim of their haste to build and ship new features. We look forward to the full post-mortem and wish them a speedy recovery. Hopefully they emerge undaunted, and continue to keep building after the dust settles!