DeltaPrime, a decentralized finance (DeFi) protocol, lost around $5.9 million worth of various tokens due to an apparent private key leak, according to Cyvers Alerts. 

The exploit has primarily affected DeltaPrime's operations on the Arbitrum blockchain, with losses expected to rise.

Exploit Details

The breach occurred when a hacker gained control of the admin private key for DeltaPrime's proxies. This key, associated with the address 0xx40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb, allowed the attacker to redirect funds to a malicious contract identified as 0xD4CA224a176A59ed1a346FA86C3e921e01659E73. 

Per reports, the hacker’s actions included draining pools like DPUSDC, DPARB, and DPBTCb. Cyvers reported that the stolen funds were converted from USDC to Ethereum (ETH).

As of the latest reports, the estimated loss is approximately $5.93 million; however, this figure may increase as the suspicious address continues to drain funds. 

“Hacker took control of the wallet which is the admin of Delta Prime proxy contacts, later on, upgraded these contracts to point to his malicious contract this enabled the hacker to drain Delta Prime pools on Arbitrum chain. Total loss is  5.9 million USD,” Meir Dolev, CTO, CyVers, told BSCN.

The DeltaPrime team has yet to comment publicly on the incident, and it remains unclear whether the protocol’s deployment on the Avalanche network is also vulnerable.

Background on DeltaPrime

DeltaPrime launched on the Avalanche network in January 2023 and quickly became notable for its substantial total value locked (TVL), which exceeded $64 million before the exploit. The protocol also unlocked more than $20 million in liquidity. 

It received significant backing from investors such as Avalanche, GSR Capital, Moonhill Capital, and Uplift.

The recent breach has led to a 6% drop in DeltaPrime’s native token, PRIME, which is now trading at $1. Blockchain investigator ZachXBT noted that DeltaPrime had previously employed IT workers from North Korea, according to Crypto(.)news. While these personnel have been removed, the connection between the hack and North Korea remains uncertain.

The incident is part of a worrying trend in the cryptocurrency world. Data from TRM Labs indicates that stolen crypto surged to $1.38 billion in the first half of 2024, more than double the amount stolen during the same period in 2023.