Decentralized finance (DeFi) protocol Prisma Finance was exploited for around $10 million worth of cryptocurrencies on March 28.
On-chain security alert provider Cyvers were the first to detect the anomaly, according to a March 28 X post:
“Our system has detected multiple suspicious transactions with @PrismaFi and still ongoing! Total loss so far is around $9M. The attacker has been funded by @FixedFloat! Our system has detected the malicious contract 2 min earlier than hack transactions!”
Shortly after the initial alert, Cyvers detected another $1 million fraudulent transactions, bringing the total amount of exploited funds near $10 million.
Prisma Finance said that its core engineers and contributors will pause the protocol and investigate, according to a March 28 X post.
Prisma is a decentralized liquid staking token protocol with over $222 million in total value locked (TVL) according to DefiLlama.
Related: Funds hacked in 2024 increased by 15.4% vs. the same period in 2023 — Immunefi
Hacked funds surpass $11.6 million
Following the initial exploit, the attacker has already started swapping the stolen funds to Ether, according to Cyvers.
The attack is still ongoing, according to on-chain security firm PeckShield, which wrote in a March 28 X post at 12:28 p.m. UTC:
“The attack is ongoing, with the total loss now increased to ~3,257.7 $ETH (worth ~$11.6 million). To vault owners, please follow up on notifications from the official source and be cautious about scams.”
As shown by PeckShield’s above image, other scammers are trying to benefit from the exploit. Under the official Prisma Finance announcement, a scam Prisma Finance account with a golden badge is trying to redirect users to a suspicious link. On closer inspection, it can be seen that the fraudulent account has no connection to Prisma Finance.
Crypto hacks continue to erode the legitimacy of the industry. Over $200 million worth of crypto has been lost to hacks and rug pulls in 2024 across 32 individual incidents up to Feb. 29, according to blockchain security firm Immunefi.
The over $200 million loss represents a 15.4% increase compared to January and February 2023, when $173 million of digital assets were stolen.
A total of $1.8 billion was lost to crypto hacks and scammers in 2023, of which 17% can be attributed to the North Korean Lazarus Group, according to a Dec. 28 report by Immunefi.
Related: Max pain $51K? Bitcoin options worth over $9.4B set to expire Friday