Prisma (White Hat) Hacker: DeFi Vulnerabilities Are Completely the Developers’ Fault, Prisma Team Shows No Remorse, Demands Apology for Code Vulnerabilities and Public Disclosure of Team’s True Identities, Both Parties Remain Deadlocked Through Blockchain Messages.
Prisma Suffers Multi-Million Dollar Hack
Prisma Finance, a project involving the pledging of liquid restaking tokens (LRT), was hacked on the 18th, resulting in a loss of over $10 million. The team immediately closed the contract and advised users to revoke relevant wallet authorizations while negotiating with the hacker.
The attacker, a self-proclaimed white hat hacker, claimed they would return the majority of the funds but also set out many conditions for the agreement.
Prisma Hacker: Where Is the Accountability of the Project Party for Contract Issues?
On-chain messages show that the hacker raised many questions with the team on the 29th but seemingly did not receive satisfactory answers:
Was there an audit before contract deployment?
How do you view the term “smart contract”?
In such circumstances, what is the responsibility of the developer?
The hacker stated:
I am doing this not for any purpose but to make everyone take smart contract audits, developers’ work attitude, and the project party’s sense of responsibility more seriously.
Prisma Official Response:
We understand that developers have the responsibility to make every effort to ensure contract security. We have always taken contract auditing seriously. However, some parts of the code were overlooked during the auditing process. Once the funds are returned, we will review the incident.
Hacker: Prisma Team Shows No Remorse
The hacker pointed out three inaccuracies in the official response:
Lack of sincerity: delayed response and evasive answers.
Lack of gratitude: no gratitude towards the white hat hacker, no expression of gratitude for users’ waiting.
Lack of remorse: no apology to users and no specific improvement measures.
The hacker highlighted that Prisma took more than ten hours to reply to the blockchain message and also objected to Prisma's use of terms such as “exploitation” and “attack.”
The hacker demanded that the team hold an online briefing, with all members presenting identification, apologize to all users, explain the specific code vulnerabilities in the protocol, and outline future improvement measures.
Finally, although Prisma deleted terms such as “exploitation” and “attack,” the hacker sternly refuted the Prisma team's messages, stating that they did not address the three inaccuracies mentioned earlier:
Dear Prisma team, once again, you have neglected the three elements I requested. Do not attempt to evade mistakes or shift blame. If I didn’t hack, other hackers might have intervened. In other words, this vulnerability is a perfect backdoor in the protocol under certain circumstances, and no professional developer would make such a mistake. Rest assured, other dear users, if I were a hacker, I would have disappeared long ago. I did not benefit from attacking Prisma. I don’t want DeFi to experience such foolishness again. I just want those who make mistakes to take responsibility instead of blaming others.