Prisma Finance has unveiled a strategy to cautiously restart operations following a hack that resulted in a loss of $11.6 million and prompted a temporary pause of the platform on March 28.
Reinstating borrowing capabilities on Prisma hinges upon achieving consensus through an ongoing community vote.
Prisma Finance Exploited for $10 Million: Recovery Efforts and Governance Response
On March 28, the decentralized finance (DeFi) protocol Prisma Finance was exploited to steal around $10 million worth of cryptocurrencies. The exploit at Prisma Finance was executed through a flaw in the migration zap contract, leading to a loss of approximately $11.6 million.
This contract was intended to manage transitions between trove managers but was manipulated to extract assets, including wrapped-staked Ethereum (wstETH). The stolen assets were swiftly converted to Ethereum (ETH), complicating efforts to track and recover the funds.
The protocol claimed that the core functionality of Prisma Finance remained unaffected. The issue was confined to a specific component, the migration zap contract, thereby not compromising the protocol.
New Snapshot Vote: [PIP-036] 🌈
As we progress towards unpausing Prisma, the next step involves this Snapshot vote. This will bring us closer to re-enabling the ability for our users to deposit LSTs & LRTs and borrow our overcollateralized stablecoins.
Your participation is… pic.twitter.com/pG81WpFVN3
— Prisma Finance (@PrismaFi) April 4, 2024
Prisma Finance enacted an emergency pause on all trove managers in response to the breach. This action has halted all borrowing activities and prevented new liquidity from being introduced into the protocol, aiming to stabilize the situation. However, the Prisma Finance DAO subsequently launched a four-day governance vote the next day, which will end on April 7.
As of the latest update, the proposal to resume borrowing activities on Prisma has garnered unanimous support, with a 100% “Yes” vote from participating DAO members, indicating robust community backing. However, the final decision will be determined after the voting deadline.
Users are strongly advised to revoke delegate approvals for open positions, as the protocol’s unpause may carry the risk of fund loss. Previously, the protocol had identified 14 accounts that had yet to revoke the affected smart contract, potentially exposing them to a combined loss of $540,000.
Plans to Resume Borrowing Activities After Exploit
On April 3, core contributor Frank Olson presented a plan to “safely” unpause the Prisma protocol, thereby reinstating functionalities such as the ability for users to deposit liquid staking tokens (LSTs) and liquid restaking tokens (LRTs) and borrow overcollateralized stablecoins.
Olson addresses the significance of unpausing the protocol, stating that the action is pivotal for the recovery process and reinstating normal operations, including complete Vault management and deposits into the Stability Pool. He also highlighted Prisma’s ongoing commitment to enhancing security measures, including engaging in continuous auditing services, bug bounty programs, and overall security enhancements.
Notably, according to the forum post by Frank, Prisma Finance has outlined its immediate response and forthcoming steps following the hack.
To address the exploit, Prisma Finance has proposed several key measures. Firstly, there will be a significant reduction in protocol-owned liquidity (POL) by decreasing the weekly POL amount from $40,000 to $0. Additionally, the distribution to stakeholders will be impacted, with the weekly amount allocated to vePRISMA holders halved from $160,000 to $80,000.
Frank highlighted that these proposed changes are not intended to be permanent but are deemed necessary now. He stated,
“As new information comes in about this situation, we will also commit to revisiting these parameter changes 1 week after passage.”