Prisma Finance Identifies an $11.6 Million Flaw

The lending protocol Prisma Finance was compromised due to vulnerabilities in two MigrateTroveZap smart contracts, enabling the theft of funds secured as loan collateral.

MigrateTroveZap smart contracts facilitate the migration of users' debt positions to new TroveManager contracts. Normally, MigrateTroveZap would swiftly close an old loan and establish a new one with the same debt and collateral levels.

However, hackers manipulated the MigrateTroveZap by issuing specialized requests, compelling the contract to settle existing loans and open new ones with lesser collateral. The perpetrators pocketed the difference.

Prisma tracked down three accounts involved in this scheme, with one managing to steal about 3,257 ETH, and the other two securing 121 and 52 wstETH, cumulatively leading to an $11.6 million loss.

Immediately upon detecting this flaw, the team suspended the protocol's operations.

Currently, $540,000 in user funds remain at risk, pending the withdrawal of the respective permissions.

📣 Prisma Finance Identifies an $11.6 Million Flaw

Subscribe to our newsletter

Subscribe to our newsletter

More breaking news

More breaking news

✨ Mastercard: Setting the Pace in the Banking Blockchain Race

📣 Microsoft Releases AI Tool for U.S. Intelligence Agencies

🌋 LayerZero: Label Your Sybil Address, Get Rewarded

Recommended

What Is Orbiter Finance and How to Get its Airdrop?

What problems does blockchain solve in different industries?

WSM: The Meme Token of the Wall Street Memes Project