Prisma, a project for re-collateralization, faces a scandal as hackers demand that the team issue a public apology via live stream and reveal their true identities


The Prisma white-hat hacker claims that the numerous vulnerabilities in DeFi are entirely the developers' fault and that the Prisma team appears unapologetic. He demands that the team apologize for the code vulnerabilities and publicly disclose its members' real identities. The two parties remain deadlocked, communicating through blockchain messages.

Prisma Hacked for Millions of Dollars

The liquidity-backed token project Prisma Finance was hacked on the 18th, resulting in a loss of over $10 million. The team promptly closed the contract, advised users to revoke wallet authorizations, and is currently negotiating with the hacker.

Prisma's attacker claimed to be a white-hat hacker, stating an intention to return most of the funds but also setting various conditions for an agreement.


Prisma Hacker: Contract Issues, What About Project Responsibility?

On-chain messages show that the hacker put several questions to the team on the 29th but seemed unsatisfied with the responses:

  1. Was there an audit before contract deployment?

  2. How do you view the term "smart contract"?

  3. In situations like this, what is the developer's responsibility?

The hacker stated:

I'm not doing this for any purpose but to raise awareness about the importance of smart contract audits, the developers' work ethic, and the project's own sense of responsibility.

Official response from Prisma:

We understand that developers have a responsibility to ensure contracts are bug-free to the best of their ability. We have always taken the audit responsibility of the contract seriously; however, some code was overlooked during the audit process. Once the funds are returned, we will review the incident.

Hacker: Prisma Team Shows No Remorse

The hacker pointed out three errors in the official response:

  1. Lack of sincerity: Delayed responses and evasive answers.

  2. Lack of gratitude: No appreciation shown towards white hat hackers, no gratitude expressed for users' patience.

  3. Lack of remorse: No apologies to users, no concrete improvement measures.

The hacker noted that Prisma took over a dozen hours to respond to blockchain messages and expressed dissatisfaction with Prisma's use of terms like "exploitation" and "attack."

The hacker requested that the team hold an online briefing at which all members must present identification, apologize to all users, explain the specific vulnerabilities in the protocol code, and outline future improvement measures.

Although Prisma officially removed terms like "exploitation" and "attack," the hacker vehemently rejected Prisma's response, stating that it did not address the three errors mentioned earlier:

Dear Prisma team, once again, you have ignored my three requests. Do not try to evade responsibility or blame others. If I didn't hack, another hacker might have. In other words, this vulnerability was a perfect backdoor in the protocol under certain circumstances that no professional developer would make. Rest assured, dear users, if I were a hacker, I would have fled long ago. I did not benefit from attacking Prisma. I do not want DeFi to experience such foolishness again. I only want those who make mistakes to take responsibility instead of blaming others.