Skip to content
Est. MMXXVIVol. VI · № 273RSS
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 186Flash Loan Attack

Prisma Finance MigrateTroveZap

$11M drained from Prisma Finance's Trove migration helper after the attacker bypassed migrate() and called flashloan() directly, later demanding an apology.

Date
Victim
Prisma Finance
Chain(s)
Ethereum
Status
Funds Stolen

On March 28, 2024 at 11:25 UTC, the LSD-backed stablecoin protocol Prisma Finance lost approximately $11.6 million when an attacker exploited the MigrateTroveZap helper contract — a utility built to let users migrate their Trove positions between contract versions in a single atomic transaction.

What happened

Prisma's MigrateTroveZap was designed to streamline migrations from old TroveManager contracts to new ones. The intended flow:

  1. User calls migrate() on the Zap with their old Trove position.
  2. The Zap takes a flash loan of the user's outstanding debt.
  3. Uses the flash-loaned funds to close the old Trove and reclaim collateral.
  4. Opens a new Trove with the same collateral and debt in the new TroveManager.
  5. Uses the new Trove's borrowed funds to repay the flash loan, all in one transaction.

The Zap exposed both the high-level migrate() entrypoint and the underlying flashloan() receiver function that the flash-loan provider called back into. The receiver was supposed to be triggered only when called from within migrate(), but the receiver did not validate that it had been invoked through the migration flow.

The attacker:

  1. Called flashloan() directly with carefully crafted input data.
  2. Manipulated the position parameters so that the collateral in the "new position" was different from the collateral in the "old position" by a controlled amount.
  3. Pocketed the difference as the migration "completed" with mismatched accounting.

Net loss: 3,257 ETH ($11M) drained from Trove owners across multiple positions.

Aftermath

  • Prisma paused affected contracts and shipped a fixed Zap with proper caller validation.
  • The attacker engaged in on-chain dialogue with the Prisma deployer, framing the exploit as a "white-hat rescue" and demanding a public apology from the Prisma team before releasing funds — an unusual posture.
  • Over $2.5M was sent to Tornado Cash during the negotiation, undermining the white-hat framing significantly.
  • Partial restitution occurred via on-chain agreement; the bulk of the loss was never recovered.

Why it matters

Prisma's incident illustrates a recurring DeFi pattern: flash-loan callback functions are part of the trust boundary. If a contract exposes a callback that any flash-loan provider can trigger, that callback must validate its own caller and context — not just trust that the legitimate entrypoint was used. The same class of bug recurs at every protocol that integrates flash loans via callback-style hooks without explicit caller-context checks.

The Prisma episode is also a notable example of attacker posturing during negotiation — the public demand for an apology was unusual enough to be discussed widely, but the parallel movement of funds to Tornado Cash made clear that the "white-hat" framing was opportunistic.

Sources & on-chain evidence

  1. [01]hackmd.iohttps://hackmd.io/@PrismaRisk/PostMortem0328
  2. [02]blog.cube3.aihttps://blog.cube3.ai/2024/03/28/prisma-finance-hack-crypto-exploit-analysis-postmortem-11-million/
  3. [03]theblock.cohttps://www.theblock.co/post/285776/prisma-finance-hacker-defends-exploit-demands-public-apology

Related filings