ARB

DeltaPrime DeFi Protocol Lost $5.9M in Ongoing Exploit: Report

A hacker gained control of the admin private key on the Arbitrum blockchain and has drained pools of various tokens, converting them to Ethereum.

BSCN

September 16, 2024

DeltaPrime, a decentralized finance (DeFi) protocol, lost around $5.9 million worth of various tokens due to an apparent private key leak, according to Cyvers Alerts.

🚨ALERT🚨@DeltaPrimeDefi has faced a security incident on their admin keys.
Attacker had control on the private key of 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb
then he upgraded the proxy!

So far $5.93M has been drained!

Want to keep your company off our alerts radar? Learn… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 16, 2024

The exploit has primarily affected DeltaPrime's operations on the Arbitrum blockchain, with losses expected to rise.

Exploit Details

The breach occurred when a hacker gained control of the admin private key for DeltaPrime's proxies. This key, associated with the address 0xx40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb, allowed the attacker to redirect funds to a malicious contract identified as 0xD4CA224a176A59ed1a346FA86C3e921e01659E73.

Per reports, the hacker’s actions included draining pools like DPUSDC, DPARB, and DPBTCb. Cyvers reported that the stolen funds were converted from USDC to Ethereum (ETH).

As of the latest reports, the estimated loss is approximately $5.93 million; however, this figure may increase as the suspicious address continues to drain funds.

“Hacker took control of the wallet which is the admin of Delta Prime proxy contacts, later on, upgraded these contracts to point to his malicious contract this enabled the hacker to drain Delta Prime pools on Arbitrum chain. Total loss is 5.9 million USD,” Meir Dolev, CTO, CyVers, told BSCN.

The DeltaPrime team has yet to comment publicly on the incident, and it remains unclear whether the protocol’s deployment on the Avalanche network is also vulnerable.

Background on DeltaPrime

DeltaPrime launched on the Avalanche network in January 2023 and quickly became notable for its substantial total value locked (TVL), which exceeded $64 million before the exploit. The protocol also unlocked more than $20 million in liquidity.

It received significant backing from investors such as Avalanche, GSR Capital, Moonhill Capital, and Uplift.

The recent breach has led to a 6% drop in DeltaPrime’s native token, PRIME, which is now trading at $1. Blockchain investigator ZachXBT noted that DeltaPrime had previously employed IT workers from North Korea, according to Crypto(.)news. While these personnel have been removed, the connection between the hack and North Korea remains uncertain.

The incident is part of a worrying trend in the cryptocurrency world. Data from TRM Labs indicates that stolen crypto surged to $1.38 billion in the first half of 2024, more than double the amount stolen during the same period in 2023.

Disclaimer

Disclaimer: The views expressed in this article do not necessarily represent the views of BSCN. The information provided in this article is for educational and entertainment purposes only and should not be construed as investment advice, or advice of any kind. BSCN assumes no responsibility for any investment decisions made based on the information provided in this article. If you believe that the article should be amended, please reach out to the BSCN team by emailing [email protected].