Prisma Finance, a decentralized finance (DeFi) company, has stated that $540,000 in funds remains in accounts that have not yet revoked approval for the smart contract responsible for last week’s $11.6 million exploit. In response, the hacker behind the exploit has claimed that they will not return the funds until Prisma Finance apologizes and reveals the team’s identity online.
In a post titled “path forward” on April 1, Prisma Finance’s core contributor, known as “Frank,” stated that the company would continue to seek the return of funds but that its top priority was to unpause the protocol and ensure the safety of all users’ wallets and positions. The exploit, which occurred on March 28, stemmed from two MigrateTroveZap contracts that were meant to migrate user positions from one trove manager to another, according to a post-mortem from Prisma.
Despite efforts to recover the stolen funds, Frank noted that there are still 14 accounts that have not yet revoked the affected smart contract. Five of these accounts are still considered “at risk” with open trove positions totaling over $500,000. The largest “at risk” address contains $484,380, while the other four carry between $7,120 and $22,080.
As part of their “path forward,” Prisma plans to conserve additional reserves while attempting to recover the stolen funds. They have proposed reducing liquidity from POL and staked revenue from vePRISMA. Prisma emphasized that the exploited contract was isolated from the core protocol and that they plan to restart it once all user funds are secure.
Meanwhile, the self-proclaimed “white hat” hacker has accused Prisma Finance of acting in bad faith and has demanded a public apology. The hacker insists that the funds will not be returned unless Prisma holds an online conference where the entire team reveals their identities, shows their faces, and apologizes to all users and investors for failing to properly audit their smart contract. The hacker also wants Prisma to acknowledge that the hacker bears no responsibility in the ordeal and is only trying to help rectify the company’s mistake.
In response, Prisma Finance pointed out that the hacker has not returned any funds to show good faith either. The two sides have continued to argue through on-chain messages.
Since the attack, blockchain security firms Cyvers and PeckShield have observed that the hacker has started swapping the stolen funds to Ether (ETH), with around 200 Ether being transferred to Tornado Cash, the cryptocurrency mixer sanctioned by the United States Treasury’s Office of Foreign Assets Control.
Before the exploit, Prisma Finance had approximately $220 million in total value locked on its protocol, but that figure has dropped to $87 million, according to DefiLlama.