Prisma Finance, a DeFi firm, disclosed that approximately $540,000 remains unclaimed in accounts associated with the recent $11.6 million exploit, with users yet to revoke the smart contract involved.
White Hat Hacker Behind the Exploit
Meanwhile, the self-proclaimed “white hat” hacker behind the exploit has declared that they will withhold the return of funds until Prisma Finance apologizes and reveals their team’s identity online.
In a recent “path forward” post on April 1, core contributor Frank emphasized that their primary goal is to unpause the protocol. However, they stressed the importance of all users ensuring the safety of their wallets and positions first.
A major vulnerability was detected in the protocol, which experts linked to two MigrateTroveZap contracts aimed at transferring user positions between trove managers. Frank highlighted that 14 accounts have not yet deactivated the compromised smart contract. Among them, five accounts are still exposed, maintaining open trove positions valued at more than $500,000.
He mentioned that several impacted Troves have already canceled the exposed contract, but there is currently about $540,000 in collateral still at risk. Prisma runs a decentralized borrowing protocol that utilizes “troves,” which are essentially Ethereum addresses enabling users to borrow and oversee loans.
Prisma’s Recovery Strategy
The largest “at-risk” address contains $484,380, while the other four range from $7,120 to $22,080. As part of its recovery strategy, Prisma aims to “conserve additional reserves.” They recently proposed reducing liquidity from POL and staked revenue from vePRISMA.
Prisma also clarified that the exploited contract was isolated from the core protocol and plans to reactivate it once all remaining user funds are secure.
