← PrismaLST1 decision on this page

Audit log

Every state-changing event for PrismaLST: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-20 15:27:01Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 421,012,601
sig
2vGoVP3RXqsM…U8RfJVDRexplorer ↗
hash
87GaV9gwajjL…ZyFf4qQKsha256 → base58
verifying row…full verify ↗
canonical bytes (6385 B) ▸
{"actor":"system:backfill","investigation_id":"3dce0aa8-69c3-4cb1-9c80-b11a0b3c6b92","kind":"publish","page_slug":"prismalst","published_at":"2026-05-20T15:27:01.740Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"PrismaLST","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://prisma-finance.medium.com/prisma-finance-liquid-staking-08127169ff46"},{"credibility":3,"name":"","type":"other","url":"https://thedefiant.io/news/defi/prisma-introduces-ultra-stablecoin-backed-by-liquid-restaking-tokens"},{"credibility":3,"name":"","type":"other","url":"https://defillama.com/protocol/prisma-finance"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://hackmd.io/@PrismaRisk/PostMortem0328"},{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/prisma-finance-incident-analysis"},{"credibility":3,"name":"","type":"other","url":"https://immunebytes.com/blog/prisma-finance-exploit-march-28-2024-detailed-analysis/"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/prisma-finance-exploited-10-million"},{"credibility":3,"name":"","type":"other","url":"https://thedefiant.io/news/defi/prisma-finance-suffers-usd12-million-exploit"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coinspeaker.com/identity-prisma-finance-hacker/"},{"credibility":3,"name":"","type":"other","url":"https://crypto.news/blockchain-sleuth-uncovers-identity-of-prismafis-hacker-who-stole-11m/"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/285590/prismafi-hacker-moves-stolen-eth-tornado"},{"credibility":3,"name":"","type":"other","url":"https://hackmd.io/@PrismaRisk/PostMortem0328"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/285776/prisma-finance-hacker-defends-exploit-demands-public-apology"},{"credibility":3,"name":"","type":"other","url":"https://cryptobriefing.com/prisma-finance-hacker-apology-demand/"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/prisma-finance-540k-still-at-risk-hack-exploit-smart-contract"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/prisma-finance-protocol-restart-dao-vote"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/prisma-finance-gains-strong-community-support-for-protocol-restart-with-dao-approval/"},{"credibility":3,"name":"","type":"other","url":"https://defillama.com/protocol/prisma-finance"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://olympix.ai/blog/prismas-11-6m-exploit-was-a-trust-trap-and-olympix-would-have-triggered-it"},{"credibility":3,"name":"","type":"other","url":"https://quadrigainitiative.com/casestudy/prismafinancetrovemanagerexploit.php"},{"credibility":3,"name":"","type":"other","url":"https://cryptoslate.com/prisma-finances-11-6-million-exploit-leads-to-asset-value-plummet-mkusd-stablecoin-instability/"},{"credibility":3,"name":"","type":"other","url":"https://www.fxstreet.com/cryptocurrencies/news/prisma-finance-hacker-could-be-uncovered-after-investigations-by-on-chain-analyst-202404162351"}]}],"sources_used":[],"summary":"Prisma Finance is a Liquity-forked, Ethereum-based DeFi protocol that allowed users to mint overcollateralized stablecoins (mkUSD and ULTRA) against liquid staking tokens (LSTs) such as wstETH, rETH, sfrxETH, and cbETH. On March 28, 2024, a critical vulnerability in the protocol's MigrateTroveZap helper contract was exploited for approximately $11.6 million, with a total loss across all attacker wallets of roughly $12.3 million; the primary exploiter sent the majority of stolen funds through Tornado Cash while claiming a 'whitehat rescue,' and as of 2026 the protocol's TVL has collapsed from a pre-exploit peak of approximately $220 million to under $300K.","timeline":[{"date":"2023-09-01","event":"Prisma Finance launches on Ethereum mainnet, offering LST-backed stablecoin minting via mkUSD.","source":""},{"date":"2024-01-01","event":"Prisma introduces ULTRA, a second stablecoin backed by liquid restaking tokens (LRTs).","source":""},{"date":"2024-03-28","event":"Exploit begins at 11:25 UTC. Primary attacker (EOA 0x7E39E3B3ff7ADef2613d5Cc49558EAB74B9a4202) exploits MigrateTroveZap vulnerability, draining approximately $11.6 million. Two copycat attackers follow, bringing total losses to approximately $12.3 million.","source":""},{"date":"2024-03-28","event":"Emergency multisig pauses Prisma protocol at 12:51 UTC. Official post states mkUSD and ULTRA stablecoins remain overcollateralized and are not at immediate risk.","source":""},{"date":"2024-03-29","event":"Attacker-linked wallets begin routing stolen ETH through Tornado Cash. Approximately 1,850 ETH confirmed through the mixing protocol.","source":""},{"date":"2024-03-31","event":"Primary attacker sends on-chain messages claiming 'white hat rescue' and demanding a public press conference, team doxing, and a formal apology before discussing fund return.","source":""},{"date":"2024-04-01","event":"Prisma Finance confirms approximately $540,000 in user funds remain at risk. Disputes attacker's white hat framing given Tornado Cash deposits.","source":""},{"date":"2024-04-05","event":"Core contributor Frank Olson proposes plan to safely unpause the protocol. DAO governance vote yields 100% approval to resume operations.","source":""},{"date":"2024-04-06","event":"Prisma Finance resumes operations following a post-exploit security audit. Users can again deposit LST/LRT collateral and mint stablecoins.","source":""},{"date":"2024-04-16","event":"ZachXBT publishes investigation alleging identification of primary exploiter, linking wallet funding to FixedFloat, Bybit, and TRON withdrawals, and connecting the attacker to prior exploits including Arcade_xyz and Pine Protocol.","source":""},{"date":"2026-05-01","event":"DeFiLlama data shows Prisma Finance TVL below $300,000, down from a pre-exploit peak of approximately $220 million, indicating near-total user exit from the protocol.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision ee867975-1234-4214-b4cc-26ef47cfb280

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.