Decentralized finance (DeFi) firm Prisma Finance says there’s still $540,000 of funds from accounts yet to revoke the smart contract responsible for last week’s $11.6 million exploit.

Meanwhile, the self-claimed “white hat” hacker behind the exploit says they will hold back the return of funds until the firm apologizes and reveals their team’s identity online.

In a “path forward” post on April 1, core contributor “Frank” said it will continue to chase for the return of funds, but the top priority is to unpause the protocol — but said it needed all users to ensure their wallets and positions were safe first.

The protocol suffered a multimillion-dollar exploit last week, which was later revealed to be the result of two MigrateTroveZap contracts, which were designed to migrate user positions from one trove manager to another, according to a post-mortem post from Prisma last updated on March 31.

However, Frank noted that there were still 14 remaining accounts that had yet to revoke the affected smart contract, five of which were still “at risk” with open trove positions totaling over $500,000.

Source: Prisma Finance

“Of the affected Troves several have revoked the contract containing the vulnerability with ~$540k of collateral still at risk at the time of writing.”

Prisma is a decentralized borrowing protocol that uses “troves” — Ethereum addresses — where users can take out and maintain loans.

The largest “at risk” address contains $484,380, while the other four carry between $7,120 and $22,080.

Remaining affected addresses from Prisma’s $11.6 million exploit. Source: Prisma Finance

Frank explained that part of its “path forward” was to “conserve additional reserves” while Prisma attempted to recover the stolen funds.

A new proposal was made on April 1 to reduce liquidity from POL and staked revenue from vePRISMA.

Prisma also stressed that the exploited contract was isolated from the core protocol and that it plans to restart it once the remaining user funds are safe.

ID yourselves and publicly apologize, exploiter demands

Meanwhile, the self-claimed “white hat” has accused the DeFi firm of failing to act in good faith and claims the funds won’t be returned unless it makes a public apology.

Part of that apology involves Prisma holding an online conference, in which the entire team must show their faces with ID and apologize to all users and investors for failing to properly audit its smart contract.

In a March 30 on-chain message, the exploiter wrote

“During that session, you must specifically present the mistake you made, which party audited the smart contract, and your plan to improve security in the future.”

The exploiter also wants Prisma to acknowledge they have “no responsibilities” in the ordeal and are only trying to help Prisma rectify its mistake.

On-chain messages sent from the hacker to Prisma Finance. Source: Etherscan

Prisma, however, fired back, pointing out that the exploiter has yet to return any funds to show good faith either, with the two sides then continuing to argue in on-chain messaging.

“There is little evidence that we can judge you on that you are sincere in your intention to return the assets. Most genuine white hats would have returned at least some of the funds by now.”

Related: Ethical hacker retrieves $5.4M for Curve Finance amid exploit

Since the attack, blockchain security firms Cyvers and Peckshield observed that the hacker had started swapping the stolen funds to Ether (ETH), and about 200 Ether was transferred to OFAC-sanctioned cryptocurrency mixer Tornado Cash.

Prior to the exploit, Prisma Finance had about $220 million in total value locked on its protocol, but that figure has plummeted to $87 million, according to DefiLlama.

Magazine: Should crypto projects ever negotiate with hackers? Probably