Prisma Finance suffers $11.6m exploit

Prisma responded to say it was aware of a possible exploit and that “core engineering contributors will pause the protocol and investigate”.

Defi project Prisma Finance has been compromised by multiple attacks today, incurring an $11.6m loss according to crypto security firm Cyvers.

The malicious activity was flagged to the platform by Cyvers on X at 11.33am this morning, after it detected attacks on the Prisma Finance Trove Manager Contract.

The attacker was funded by non-custodial exchange FixedFloat and seven minutes later deployed a malicious contract that was detected by Cyvers two minutes before the first exploit transaction.

The exploit continued with 10 transactions detected in total to a value of $11.6m.

Prisma is a decentralized borrowing protocol that allows users to mint a non-custodial and decentralized Ethereum LST-backed stablecoin, mkUSD, that is fully collateralized by liquid staking tokens.

In addition to the collateral, the loans are secured by a Stability Pool containing mkUSD and by fellow borrowers collectively acting as guarantors of last resort.

Prisma responded to the attack on X at 11.51am to say it was aware of a possible exploit and that “core engineering contributors will pause the protocol and investigate”. The project said it would “share an update and a post-mortem”.

This afternoon it went on to say: “Following the exploit affecting a number of users individual vaults, Prisma Protocol has been paused by the emergency multisig and remaining funds are safe. mkUSD and ULTRA, as stablecoins, are overcollateralized and are not at risk.”

The project is currently paused, and vault owners have been asked to revoke delegate approval with instructions on how to do so also posted on X.

“All users who connected their wallets to the platform are at risk of future fund loss,” a message on X said. The platform has said it will attempt to retrieve funds.

Cyvers recently uncovered breaches at crypto gambling platforms Duelbits and PlayDapp. The former is thought to have lost around $4.6m, while the latter had an estimated $290m worth of PLA tokens stolen.

Cyvers continuously monitor suspicious activities and vulnerabilities, using advanced AI algorithms and blockchain analytics.

Looking for your next crypto casino? Check out Mega Dice or FortuneJack!

Written by Hannah

Hannah is editor of and has almost 15 years experience in journalism, including reporting on law, TV, gambling, crypto and alternative finance. She is particularly interested in the future of money, the transition of gambling from 'vice' industry to mainstream entertainment and the application of blockchain technology to wider society.

Similar News