[PRFC] Victim Repayment Plan

Background:

As we are all aware, Prisma DAO experienced an exploit on March 28th, that caused a loss of approximately $12m and led to the protocol being paused. Since then, the DAO has voted to resume the protocol, and to reduce mkUSD fees paid out to vePrisma lockers by 50%.

As of now, the stolen funds have gone through a mixing service, and the attacker has been identified by ZachXBT as being involved in other blackhat exploits. So, it falls on the DAO to decide how to proceed.

Currently (at time of writing), the Prisma fee receiver contract holds 1,763,195 mkUSD and 1,801,895 PRISMA, combined worth approximately $2m.

It would not be in the DAO’s best interest to market sell PRISMA tokens, as the price has greatly suffered as a result of this exploit, and further devaluing the token reduces the protocol’s ability to continue to earn fees to eventually recover the current $10m shortfall.

It is also not possible to spend the entirety of the mkUSD in the fee receiver at once, as vePrisma lockers are due $80k per epoch from this contract.


Motivation:

There has been lots of feedback in the discord channel regarding the best path forward. The goal of this proposal is to combine some of these ideas to create an expedient reimbursement plan for affected users. If we were to redirect the 50% of fees (80k mkUSD) from vePrisma to purchase ETH for affected users, it would take nearly 3 years to complete at current ETH prices, and could be much longer if ETH market increases in value.

Every day that goes by is lost opportunity for the affected users who would otherwise be receiving rewards APR, or able to make use of their funds in other ways.

It would be in the best interest of the DAO to make affected users whole as soon as possible, to restore faith in the protocol and to allow the protocol to continue to grow. I believe this can be accomplished much sooner by tokenizing compensation claims, and offering PRISMA emissions in addition to ETH payments.

Many users still have confidence in the project, and I believe there would be demand to purchase tokenized positions. This would provide liquidity to allow affected users to be made whole sooner. It would also boost confidence in the protocol, which is essential for paying back victims and for the long-term success of Prisma.


Proposed Course of Action:

  1. Create an immediate swap of mkUSD for ETH, to be distributed to affected users as soon as initial vote has passed. This is important, as affected user tranches are close to being at risk of liquidation.

  2. Tokenize remainder of losses as a new mkPAY token. This would allow affected users to choose to hold and receive payouts, or to sell their mkPAY tokens to confident parties who are willing to speculate on the future ETH payments and prisma emissions.

  3. Swap an allocation of mkUSD to ETH each epoch from the fee receiver, to be used as a streaming claim to mkPAY token holders. The swap mechanism would be a contract that uses an ETH price oracle to allow MEV to facilitate the tx automatically each week, to allow for trustless dependable payments. This same method is already being used for converting LST redemption fees into ETH.

  4. Add mkPAY contract as a PRISMA emission receiver.

  5. Allocate a DAO decided amount of PRISMA tokens as vote incentives, to ensure the contract receives weekly emissions.

  6. Create UI page breaking down the current status of the mkPAY contract, remaining debt to be paid, and the current weekly budget for mkUSD to ETH swaps.

The ETH would be considered payment towards principal, while the PRISMA emissions would be to make up for lost opportunity, and to create demand for secondary market buyers to purchase mkPAY tokens from affected users.

The DAO would be able to vote on the weekly budget for mkUSD ETH swap and for PRISMA vote incentives, to adjust for market and protocol conditions if needed.

  1. If funds are recovered from attacker at any time, hold a vote to complete repayment to mkPAY holders, disable transfers to prevent secondary orders (that were placed before repayment) from being filled, and to decide when to end prisma emissions.

** Debt obligation is directly linked to the mkPAY token. Selling or transferring the token forfeits any future claim rights (beyond what is earned before time of transfer), as those rights are transferred along with the token.


Proposed Budget:

It will be up to the DAO to decide the budget for the mkUSD to ETH swaps, and for the PRISMA vote incentives.

I recommend 250k mkUSD for step 1 initial repayment, and a budget of 100k mkUSD and 10k PRISMA per epoch, to be revisited every 3-6 months to adjust for market and protocol conditions, as deemed necessary by the DAO.


Summary, and secondary market considerations:

By tokenizing positions of affected users, we can expedite the reimbursement process, and restore faith in the protocol. This would allow affected users to potentially be made whole much sooner through secondary market sales of mkPAY tokens, and would allow the protocol to continue to grow and recover from the exploit.

It allows confident users to speculate on mkPAY tokens remaining value and to make secondary market offers to affected users who may need immediate liquidity.

Due to the nature of mkPAY tokens, it would not be well suited for AMM markets, for multiple reasons. Since it is a debt bearing token, AMM markets would not be able to claim any payments. In addition to this, affected users are not explicitly making the choice when to buy or sell in an AMM format. If the receiver were focused around an LP token, it would create an opportunity for LP depositors to siphon payments from affected users.

To prevent AMM contracts or other defi contracts from earning payments that cannot be claimed, it is recommended to create a contract allow-or-deny list for streaming payments. This would allow the DAO to limit which smart contracts are eligible, to prevent claims from being allocated to contracts that are unable to claim them.

Fill-or-kill limit orders, such as those offered by Cowswap, are a much better fit for this type of token. This would allow affected users to set a price they are willing to sell at and to receive immediate payment if a buyer is willing to pay that price. This would also allow buyers to set a price they are willing to pay, and to receive delivery of the mkPAY tokens if a seller accepts their offer.

Payments and emissions claims stream to the wallet holding the tokens, so fill-or-kill markets that allow users to retain custody are recommended. This way, a token holder may sell their token, and then claim any remaining payments or emissions that are due to them, while the purchaser immediately begins accruing payments and emissions at time of sale. This also allows for the DAO to distribute mkPAY tokens directly to affected users, without the need to stake or lock.

The mkPAY contract will also include a burn function, so that if the DAO ever votes to offer secondary market liquidity, any DAO acquired tokens can be burned, and the total outstanding debt can be lowered.


Disclosure: I am a dev for Votium, and this proposal includes a budget for vote incentives. The DAO can decide whether to use Votium, Hidden Hand, or a combination of both based on which platform is expected to offer better efficiency each epoch. I am a vePrisma, and vlCVX holder, but I am not one of the affected users of the security incident.

Please post feedback and any suggestions or concerns, as this is an important decision for the DAO to make, and all deserve to be heard. Thank you.

2 Likes
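An added illustration (not part of the original post, and not Prisma code): a small Python model of the streaming-claim accounting the proposal describes, where the seller keeps what accrued before a transfer, the buyer accrues from the time of sale, and a deny list keeps payments from being allocated to a contract that cannot claim them. The class, the holder names, the amounts and the cumulative per-token index used for accrual are all assumptions made for this sketch.

```python
from fractions import Fraction

class MkPayModel:
    """Hypothetical ledger for a transferable claim token with streamed payouts."""

    def __init__(self, denylist=()):
        self.denylist = set(denylist)  # contracts that cannot claim, e.g. an AMM pool
        self.balance = {}              # holder -> token balance
        self.index_seen = {}           # holder -> payout index at last checkpoint
        self.owed = {}                 # holder -> ETH accrued but not yet claimed
        self.index = Fraction(0)       # cumulative ETH paid per eligible token
        self.eligible_supply = 0       # supply held outside the deny list

    def _checkpoint(self, who):
        # Settle what `who` earned since its last checkpoint; denied holders earn nothing.
        if who not in self.denylist:
            delta = self.index - self.index_seen.get(who, Fraction(0))
            self.owed[who] = self.owed.get(who, Fraction(0)) + self.balance.get(who, 0) * delta
        self.index_seen[who] = self.index

    def _move(self, who, delta):
        if self.balance.get(who, 0) + delta < 0:
            raise ValueError("insufficient balance")
        self._checkpoint(who)          # accrue at the old balance before changing it
        self.balance[who] = self.balance.get(who, 0) + delta
        if who not in self.denylist:
            self.eligible_supply += delta

    def mint(self, who, amount):
        self._move(who, amount)

    def burn(self, who, amount):       # e.g. DAO-acquired tokens, lowering outstanding debt
        self._move(who, -amount)

    def transfer(self, src, dst, amount):
        self._move(src, -amount)
        self._move(dst, amount)

    def distribute(self, eth):         # one epoch's ETH payment
        if self.eligible_supply:
            self.index += Fraction(eth) / self.eligible_supply

    def claim(self, who):
        self._checkpoint(who)
        return self.owed.pop(who, Fraction(0))

def scenario(denylist):
    """Constructed sequence: deposit into a pool, then a sale, with three payouts."""
    m = MkPayModel(denylist)
    m.mint("alice", 100); m.mint("carol", 100)
    m.distribute(10)
    m.transfer("alice", "amm_pool", 40)   # tokens parked in a contract that cannot claim
    m.distribute(16)
    m.transfer("alice", "bob", 60)        # sale: alice keeps accrued ETH, bob accrues from here
    m.distribute(16)
    return {h: m.claim(h) for h in ("alice", "bob", "carol", "amm_pool")}
```

Calling `scenario(())` and `scenario({"amm_pool"})` shows how much of the 42 ETH paid out is assigned to the pool in each case.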

Great idea. Very well thought out. LFG

It’s a nice start! Maybe a bit too premature to have it as a PIP that could be executed, given negotiations may still be ongoing.

I would like to see a larger initial amount converted into ETH and distributed to the victims. Also, I’m not sure on the benefits of using weekly emissions as a form of repayment? How much does the constant sell pressure it would create on the prisma token concern you?

However, I think what we want from the repayment plan depends a lot on how much (if any) can be recovered from the hacker.

1 Like

Hi guys,

I previously shared my thoughts briefly in discord.

It’s a strong case that no tokenized recompensation plans were effective past the LEO/bitfinex centralised one, especially this is the case for DeFi protocols. BZx also tokenized losses & people determined that it would be unlikely that those losses would be repaid in any reasonable amount of time and they ended up facing a class action lawsuit.

DeFi examples:

BZx with p125 token -

Harvest.finance with grain token

Beanstalk and their token

This model has empirically shown to never amount to even coming close to repaying the victims, I strongly believe making a debt token sounds good in theory but works out less than optimally in practice especially for victims.

We should focus on doing what's possible and dispersing currently existing assets rather than anticipated future assets and revenue in the form of debt.

The top 5-6 whales excluded the sum of total losses in ETH are ~3 Million USD.

There are a total of 25 users affected, there is a case to be made to pay back each user up to 100k USD of funds and do a debt token for the remainder, this would make MOST users affected whole immediately, these amounts could be edited but the treasury should be able to handle it.

Barring the exception of the funds being returned by the hacker maybe we could discuss the above in either this thread or a new one if you prefer I make a new proposal.

Thank you,

Bt8

4 Likes

I like the idea. Prefer this proposal over original.

Downside is that it discourages whales from getting involved in future. If only my first $X is “protected” I’m heavily disincentivized from putting more in.

I understand, I believe this incident to be an isolated scenario so I just wanted to propose something that made most users whole with what is possible.

interesting proposal and good points by @bt8

the risks of defi are numerous and one does not invest and assume a +100% APY is anywhere close to risk free.

i do not support crippling the protocol to make everyone whole if that means the protocol dies a slow death. I lost $$$ on a hack in the past (xtoken) and no big surprise the repayment plan didn’t work there either and the project is dead.

the underlying questions for me are- if we vote to enact this proposal, does more or less capital find its way to the protocol? will the additional debt overhang significantly hinder growth of the protocol to the point where the victims are happy but the protocol can no longer compete in the market?

i only want the protocol to survive and thrive …

1 Like

Hi Riptide,

The DeFi risks are indeed numerous, although in our case there was no +100% APY, it turns out users who overcollaterized (tried to play their positions safer) were among the most affected, and users with less collateral backing lost less in this hack.

I do not wish to see the protocol crippled either, it is in no one's interest to have that! I believe a plan that goes along the lines of my proposal would require a breakdown of what could render most users whole meanwhile allowing the team to have enough treasury left to cover ample runway. Only they would be able to tell us an approximate figure of what that would be and what they need.

I think from there a proposal can begin to form that tries to rely less on future debt.

2 Likes

Just want to point out that the treasury belongs to the DAO. This whole proposal and forum etc exists so that the DAO can determine what happens.

2 Likes

TLDR - debt token to help the victims, pros it can repay without significantly affecting the protocol, cons it is a gamble and historically hasn’t worked for similarly affected hacked communities. 25 wallets in total affected, estimated 20 of these wallets were a sum of 3 million loss. Alternative idea that is being embraced is to make the smaller wallets disproportionately affected whole, suggested amount cap of $15k for first epoch payment per affected wallet from converting mkUSD into Eth equivalent (not a bad idea with Eth price down right now 1 Eth = 1 Eth from a hack perspective). This would make approx 40-50% of the hacked victims (might be under estimated) whole, leaving the remaining victims/debt to be addressed with the above recommended debt token.
I personally have 3 wstEth lost in the hack, and this constitutes half of my entire (small) portfolio at the moment. 50% loss of portfolio disproportionately affects me vs a $20 million wallet that lost $1 million is the idea behind this argument. My vote is for the cap payment idea of $15k max per affected wallet for first round, make the small wallets whole, get the rest in the debt token.

Here’s a table of actual losses and immediate repayment thresholds.

Given Prisma Fee receiver holds 1.7mm mkUSD, we can repay somewhere between 25-50 ETH without touching the prisma.

I suggest somewhere in the 25 ETH range, which would make 4 people whole, another few accounts with minimal losses, and leave 600k mkUSD and all the existing prisma left for treasury.

| Addresses | Before | After | Change | wStETH Conversion Rate | Loss (in ETH) | Repay up to 100 ETH | Repay up to 50 ETH | Repay up to 25 ETH |
|---|---|---|---|---|---|---|---|---|
| 0x56A201b872B50bBdEe0021ed4D1bb36359D291ED | 1745.08 | 463.18 | -1281.9 | 1.1648 | -1,493.157 | -100.00 | -50.00 | -25.00 |
| 0xcbfdffd7a2819a47fcd07dfa8bcb8a5deacc9ea8 | 824.6 | 192.12 | -632.48 | 1.1648 | -736.713 | -100.00 | -50.00 | -25.00 |
| 0xc487370895f6e8f5b62d99bf1472c95a94073379 | 377.2 | 95.6 | -281.6 | 1.1648 | -328.008 | -100.00 | -50.00 | -25.00 |
| 0x9fceded3a0c838d1e73e88dde466f197df379f70 | 356.28 | 102.12 | -254.16 | 1.1648 | -296.046 | -100.00 | -50.00 | -25.00 |
| 0x1b72bac3772050fdcaf468cce7e20deb3cb02d89 | 166.41 | 47.49 | -118.92 | 1.1648 | -138.518 | -100.00 | -50.00 | -25.00 |
| 0x3b15cec2d922ab0ef74688bcc1056461049f89cb | 107.18 | 18.89 | -88.29 | 1.1648 | -102.840 | -100.00 | -50.00 | -25.00 |
| 0x16f570e93fdbc3a4865b7740deb052ee94d87e15 | 113.6 | 32.4 | -81.2 | 1.1648 | -94.582 | -94.58 | -50.00 | -25.00 |
| 0x4a3fced7c536e39ca5292a024ee66c9b45b257ec | 87.93 | 19.85 | -68.08 | 1.1648 | -79.300 | -79.30 | -50.00 | -25.00 |
| 0xf8d1c9ab49219f7acf7b1d84705e5aea3b8ce0aa | 70.3 | 17.85 | -52.45 | 1.1648 | -61.094 | -61.09 | -50.00 | -25.00 |
| 0xf9ca66ef84c773fab422562ab41b1ee8d4397418 | 47.3 | 15.48 | -31.82 | 1.1648 | -37.064 | -37.06 | -37.06 | -25.00 |
| 0xc47fae56f3702737b69ed615950c01217ec5c7c8 | 40 | 11.69 | -28.31 | 1.1648 | -32.975 | -32.98 | -32.98 | -25.00 |
| 0x774bb9306df1cd921eb842b1388c78f75e6ef79f | 172.18 | 149.36 | -22.82 | 1.1648 | -26.581 | -26.58 | -26.58 | -25.00 |
| 0x19562df3e7fd2ae7af4e6bd288b04c2c90405212 | 31.22 | 9.15 | -22.07 | 1.1648 | -25.707 | -25.71 | -25.71 | -25.00 |
| 0x1b004189e64d5b2f71d5be554470e6c49e10123b | 21.74 | 5.98 | -15.76 | 1.1648 | -18.357 | -18.36 | -18.36 | -18.36 |
| 0x3b82ee6c15b212ed69d5795bcd957e136eaa4bff | 13.02 | 3.45 | -9.57 | 1.1648 | -11.147 | -11.15 | -11.15 | -11.15 |
| 0x14b30b46ec4fa1a993806bd5dda4195c5a82353e | 4.22 | 1.21 | -3.01 | 1.1648 | -3.506 | -3.51 | -3.51 | -3.51 |
| 0x409c6c5ec5c479673f4c09fb80d0f182fcff643e | 3.8 | 0.93 | -2.87 | 1.1648 | -3.343 | -3.34 | -3.34 | -3.34 |
| 0x409c6c5ec5c479673f4c09fb80d0f182fcff643e | 0.93 | 0.99 | 0.06 | 1.1648 | 0.000 | | | |
| 0x3b82ee6c15b212ed69d5795bcd957e136eaa4bff | 3.45 | 3.52 | 0.07 | 1.1648 | 0.000 | | | |
| 0x409c6c5ec5c479673f4c09fb80d0f182fcff643e | 0.99 | 1.06 | 0.07 | 1.1648 | 0.000 | | | |
| 0x19562df3e7fd2ae7af4e6bd288b04c2c90405212 | 9.23 | 9.3 | 0.07 | 1.1648 | 0.000 | | | |
| 0x3b15cec2d922ab0ef74688bcc1056461049f89cb | 18.89 | 18.97 | 0.08 | 1.1648 | 0.000 | | | |
| 0xf8d1c9ab49219f7acf7b1d84705e5aea3b8ce0aa | 17.85 | 17.93 | 0.08 | 1.1648 | 0.000 | | | |
| 0x19562df3e7fd2ae7af4e6bd288b04c2c90405212 | 9.15 | 9.23 | 0.08 | 1.1648 | 0.000 | | | |
| 0xc47fae56f3702737b69ed615950c01217ec5c7c8 | 11.69 | 11.78 | 0.09 | 1.1648 | 0.000 | | | |
| Total in ETH | | | | | -3,488.937 | -993.66 | -608.68 | -361.35 |
| Total in USD | | | | | -10,815,705 | -3,080,333 | -1,886,910 | -1,120,196 |

2 Likes

The table is a nice visual

Apart from the fee receiver (0xfdCE0267803C6a0D209D3721d2f01Fd618e9CBF8), are there any other addresses controlled by the DAO containing cryptoassets?

2 Likes

Just a note: If you take that much mkUSD and dump it for ETH, doesn’t it significantly drain the liquidity and hurt the peg? It’s something to consider.

We need to be really careful about that. Sure, you can say that you are going to do that in batches, but then the liquidity may run out, or we will have a lot of redemptions.

This needs to be considered. I like the plan with fixed reimbursement more, but we need to be careful with the numbers.

2 Likes

Should be easily resolvable by heavily bribing mkusd/ETH or mkusd/USDC pools for a few weeks. Probably USDC better because it attracts more TVL per unit emission and USDC/ETH trades with minimal slippage.

We easily got 1mm in mkusd/usdc TVL with 4.4% of voting power this epoch. Get it to 15-20% and we’ll easily have enough to swap with minimal slippage (perhaps even positive slippage if people without mkusd start trying to farm it with USDC)

Here is my proposal.

  1. We heavily incentivize mkUSD-USDC for a week or two to build TVL.
  2. We swap 1.1mm mkUSD to ETH, and distribute up to 25ETH per affected account. This repays smaller accounts (6 out of 17 accounts are almost fully repaid) and leaves 600k mkUSD in treasury and all the Prisma.
  3. The remainder lost gets the debt token airdropped according to Tommy’s instructions.

Hi guys, I made a new proposal based off the ideas discussed here by Tommy + Maximumpain and tried to make a simpler repayment plan

Made the change to PRFC since we haven’t moved to snapshot voting yet

This is not material to the plan, but IT IS material to the calculations. Hopefully the Prisma team does not rely exclusively on a forum post because some of the numbers aren’t accurate. No offense to the person who took the effort of creating the table, but here are a couple of corrections that the team should make (or even better do the math from on-chain).

Wallet 0x409c6c5ec5c479673f4c09fb80d0f182fcff643e is listed 3 times (I’m guessing hackers moved tokens more than once), but the actual difference should be in the range of 2.81 ETH (3.8 before hack, 0.99 after).
Same for wallet 0x3b82ee6c15b212ed69d5795bcd957e136eaa4bff, who lost 9.5 ETH (from 13.02 to 3.52).
Wallet 0xf8d1c9ab49219f7acf7b1d84705e5aea3b8ce0aa lost about 52.37 ETH (from 70.3 to 17.93).

Team do your part and review both the estimated losses and what needs to be returned.

I took the numbers from the post-mortem table.

I didn’t check for duplicates. Any “gains” I just floored to zero. Apologies

Nothing to apologize and thank you for doing the work in the first place.

I checked 3 wallets that were in more than 1 hack, but not all the numbers for everyone.

Does someone have the exact numbers for each hack (past the two decimals) and we can do a more precise calculation? I’m happy to “run the numbers” if someone can provide the raw information