Verify a decision

{"actor":"system:backfill","investigation_id":"661d5ad6-dffe-4aee-8e80-6c3992a1e1ac","kind":"publish","page_slug":"prisma-fi","published_at":"2026-05-30T18:33:20.521Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"PrismaFi","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://thedefiant.io/news/defi/prisma-finance-suffers-usd12-million-exploit","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/prisma-finances-11-6-million-exploit-leads-to-asset-value-plummet-mkusd-stablecoin-instability/","type":"other","url":""},{"credibility":3,"name":"https://www.cypherhunter.com/en/p/prisma-finance/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://hackmd.io/@PrismaRisk/PostMortem0328","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/prisma-finance-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/prismafi-rekt","type":"other","url":""},{"credibility":3,"name":"https://immunebytes.com/blog/prisma-finance-exploit-march-28-2024-detailed-analysis/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.theblock.co/post/285776/prisma-finance-hacker-defends-exploit-demands-public-apology","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/prisma-finance-hacker-apology-demand/","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/prisma-finance-hacker-claims-whitehat-rescue-after-11-6-million-exploit/","type":"other","url":""},{"credibility":3,"name":"https://coingape.com/prisma-finance-hacker-moves-funds-to-tornado-cash/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptoslate.com/prisma-finances-11-6-million-exploit-leads-to-asset-value-plummet-mkusd-stablecoin-instability/","type":"other","url":""},{"credibility":3,"name":"https://cryptodaily.co.uk/news-in-crypto/thecryptotimes:prisma-finances-540k-still-at-risk-hacker-demands-apology","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/defi/prisma-finance-suffers-usd12-million-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.cryptotimes.io/2024/04/05/prisma-finance-plans-to-safely-restart-the-protocol-post-hack/","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/prisma-finance-gains-strong-community-support-for-protocol-restart-with-dao-approval/","type":"other","url":""},{"credibility":3,"name":"https://wavey.info/posts/2025/decomissioning-prisma-finance/","type":"other","url":""},{"credibility":3,"name":"https://gov.prismafinance.com/t/pip-035-a-path-forward-after-the-security-incident/157","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://gov.prismafinance.com/t/pip-46-shutdown-prisma-finance-introduce-resupply/232","type":"other","url":""},{"credibility":3,"name":"https://mirror.xyz/0x521CB9b35514E9c8a8a929C890bf1489F63B2C84/cAkCxXs0wF0feUz29E6CvF_7v3b9ghSLgf7_EkDfmn0","type":"other","url":""},{"credibility":3,"name":"https://wavey.info/posts/2025/decomissioning-prisma-finance/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/prisma-finance-protocol-restart-dao-vote","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://github.com/prisma-fi/audits","type":"other","url":""},{"credibility":3,"name":"https://docs.prismafinance.com/external-audits-and-security/audits","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/prisma-finance-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://hackmd.io/@PrismaRisk/PostMortem0328","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptobriefing.com/prisma-finance-hacker-apology-demand/","type":"other","url":""},{"credibility":3,"name":"https://wavey.info/posts/2025/decomissioning-prisma-finance/","type":"other","url":""},{"credibility":3,"name":"https://www.cypherhunter.com/en/p/prisma-finance/","type":"other","url":""}]}],"sources_used":[],"summary":"Prisma Finance was an Ethereum-based collateralized debt position (CDP) protocol that issued stablecoins (mkUSD and ULTRA) backed by liquid staking and restaking tokens (LRTs/LSTs). On March 28, 2024, a critical input validation flaw in the MigrateTroveZap contract was exploited via flash loan, resulting in the theft of approximately 3,479 ETH (~$12 million) from user vaults. Following the exploit, the core team effectively abandoned the protocol, which was subsequently shut down via DAO governance (PIP-46) and succeeded by Resupply Finance.","timeline":[{"date":"2023-01-01","event":"Prisma Finance launched on Ethereum mainnet as an LRT/LST-backed CDP stablecoin protocol, issuing mkUSD and ULTRA.","source":""},{"date":"2024-03-01","event":"Prisma Finance announced a system upgrade requiring users to migrate Trove positions to new TroveManager contracts; MigrateTroveZap contract deployed.","source":""},{"date":"2024-03-28","event":"At approximately 11:25 UTC, the primary attacker exploited a critical input validation flaw in the MigrateTroveZap contract using a flash loan, stealing approximately 3,479 ETH (~$12 million) from 25 victim wallets across three exploiter addresses.","source":""},{"date":"2024-03-28","event":"At 12:51 UTC, Prisma Finance's emergency multisig paused the protocol. TVL dropped ~40% from $236 million to $143 million. PRISMA token fell over 25%.","source":""},{"date":"2024-03-28","event":"The primary attacker posted an on-chain message claiming 'this is a white hat rescue' and requested contact information to arrange a refund.","source":""},{"date":"2024-03-28","event":"Prisma Finance directed the attacker to negotiations@prismafinance.com via on-chain message.","source":""},{"date":"2024-03-29","event":"The attacker publicly demanded a live public apology from the development team and insisted developers reveal their real identities as conditions for fund return discussions.","source":""},{"date":"2024-03-29","event":"Blockchain security firm Cyvers observed the attacker beginning to swap stolen funds to ETH; PeckShield reported approximately 200 ETH transferred to OFAC-sanctioned mixer Tornado Cash.","source":""},{"date":"2024-03-29","event":"A further 740 ETH reportedly transferred to a Tornado Cash-associated address, bringing total funds sent to mixers to over $2.5 million.","source":""},{"date":"2024-04-03","event":"Core contributor Frank Olson published a proposal (later PIP-035) to safely restart the Prisma protocol, including re-enabling LST/LRT deposits and stablecoin borrowing.","source":""},{"date":"2024-04-05","event":"The DAO voted 100% in favor of the protocol restart proposal.","source":""},{"date":"2024-04-07","event":"Prisma Finance announced resumption of operations with limited functionality restored.","source":""},{"date":"2024-12-01","event":"Resupply Finance launched as the successor protocol, issuing reUSD backed by crvUSD and frxUSD, with RSUP as its governance token.","source":""},{"date":"2025-01-02","event":"New PRISMA token emissions ceased. DAO proposal PIP-46 formally confirmed the shutdown of Prisma Finance and transition to Resupply Finance.","source":""},{"date":"2025-01-01","event":"Decommissioning of Prisma Finance completed by the Resupply team; less than $80,000 in debt remained, with mkUSD backed 1:1 by crvUSD via Peg Stability Modules.","source":""}]},"v":1}