Prisma’s re-pledging project faces a scandal: hacker demands that the team publicly apologize and disclose their true identities via live stream

Prisma Hacker: DeFi Vulnerabilities Are Developers’ Responsibility, Prisma Team Shows No Remorse

Prisma Finance, a project that involves the pledging of liquidity tokens (LRT), was hacked on the 18th, resulting in a loss of over $10 million. The team promptly closed the contract and advised users to revoke wallet authorizations, while also engaging in negotiations with the hacker.

The hacker, who refers to themselves as a white hat hacker, claims to be returning the majority of the funds but has also set forth several conditions for the agreement.



Hacker: Whose responsibility is it if the contract has issues?

On the 29th, the hacker raised several questions to the team but seemingly did not receive satisfactory answers:

Was there an audit before contract deployment?
How do you view the term “smart contract”?
In a situation like this, what is the responsibility of the developer?

The hacker stated:

I am doing this not for any purpose, but to make people take smart contract audits, developer work attitudes, and project responsibilities more seriously.

Official response from Prisma:

We understand that developers have a responsibility to make every effort to ensure the contract is bug-free. We have always taken the audit responsibility seriously; however, part of the code was overlooked during the audit process. Once the funds are returned, we will review the incident.

Hacker: Prisma team shows no remorse

The hacker pointed out three inaccuracies in the official response:

Lack of sincerity: Delayed response and evasive answers.
Lack of gratitude: No appreciation towards the white hat hacker and no expression of gratitude for the users’ wait.
Lack of remorse: No apology to the users and no concrete improvement measures.

The hacker highlighted that Prisma took over ten hours to respond to blockchain messages and expressed dissatisfaction with the terms “exploitation” and “attack” mentioned by Prisma.

The hacker demanded that the team hold an online briefing, with all members presenting identification, and apologize to all users, explain the specific code vulnerabilities in the protocol, and outline future improvement measures.

Although Prisma officially deleted terms such as “exploitation” and “attack,” the hacker strongly refuted Prisma’s response, stating that it did not address the three inaccuracies mentioned earlier:

Dear Prisma team, once again, you have overlooked the three elements I requested. Do not attempt to evade mistakes or shift blame. If I didn’t hack, another hacker might have stepped in. In other words, under certain circumstances, this vulnerability is the protocol’s perfect backdoor, and no professional developer would make such a mistake. For other dear users, please rest assured that if I were a hacker, I would have already disappeared. I did not benefit from attacking Prisma. I don’t want DeFi to experience such foolishness again; I only want those who make mistakes to take responsibility instead of blaming others.
