TLDR:
- DeltaPrime, a crypto broker, lost over $6 million due to a private key leak
- The exploit affected only the Arbitrum version of the project
- A hacker gained control of an admin proxy, redirecting it to a malicious contract
- This is DeltaPrime’s second hack in two months, following a $1 million loss in July
- There are allegations of previous links between DeltaPrime and North Korean IT workers
On September 16, 2024, DeltaPrime, a decentralized borrowing protocol and crypto broker, experienced a significant security breach resulting in the loss of over $6 million in various tokens. The exploit, which affected only the Arbitrum version of the project, was reportedly caused by a private key leak.
Security researchers identified the issue early Monday morning, noting that the hacker had gained control of an admin proxy. This allowed the attacker to upgrade the proxies to point to a malicious contract, effectively draining funds from multiple pools on the platform.
The affected pools included DPUSDC, DPARB, and DPBTCb, which hold USDC stablecoins, Arbitrum’s ARB, and bitcoin (BTC) respectively.
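A proxy upgrade of the kind described above leaves an on-chain event that defenders can watch for. The sketch below is an added example, not DeltaPrime's code or tooling: it assumes the proxies follow EIP-1967 and emit `Upgraded(address)`, and every address, transaction hash and log in it is a constructed placeholder.

```python
# Added example. Addresses, hashes and logs below are constructed placeholders.
# Assumption: proxies follow EIP-1967 and emit Upgraded(address indexed implementation).
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; return the last 20 as 0x-hex."""
    raw = topic.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    if len(raw) != 64 or raw[:24] != "0" * 24:
        raise ValueError("not a padded address topic")
    int(raw, 16)  # raises ValueError on non-hex input
    return "0x" + raw[24:]

def find_unapproved_upgrades(logs, approved):
    """logs: eth_getLogs-style dicts. approved: {proxy: set of reviewed implementations}."""
    approved = {p.lower(): {i.lower() for i in impls} for p, impls in approved.items()}
    alerts = []
    for log in logs:
        proxy = str(log.get("address", "")).lower()
        topics = log.get("topics") or []
        if proxy not in approved or not topics or topics[0].lower() != UPGRADED_TOPIC:
            continue  # not an upgrade of a proxy we watch
        if log.get("removed"):
            continue  # log was dropped by a chain reorganisation
        try:
            impl, reason = topic_to_address(topics[1]), "implementation not on allowlist"
        except (IndexError, ValueError):
            impl, reason = None, "malformed Upgraded log"
        if impl is None or impl not in approved[proxy]:
            alerts.append({"proxy": proxy, "implementation": impl,
                           "tx": log.get("transactionHash"), "reason": reason})
    return alerts

def pad(addr):  # helper to build the constructed sample topics
    return "0x" + "0" * 24 + addr[2:]

POOL = "0x" + "aa" * 20        # constructed proxy address
REVIEWED = "0x" + "11" * 20    # constructed, reviewed implementation
UNKNOWN = "0x" + "ee" * 20     # constructed, never-reviewed implementation
SAMPLE_LOGS = [
    {"address": POOL, "topics": [UPGRADED_TOPIC, pad(REVIEWED)], "transactionHash": "0x01"},
    {"address": POOL.upper().replace("0X", "0x"), "topics": [UPGRADED_TOPIC, pad(UNKNOWN)],
     "transactionHash": "0x02"},
    {"address": "0x" + "bb" * 20, "topics": [UPGRADED_TOPIC, pad(UNKNOWN)], "transactionHash": "0x03"},
    {"address": POOL, "topics": [UPGRADED_TOPIC], "transactionHash": "0x04"},
]

if __name__ == "__main__":
    for alert in find_unapproved_upgrades(SAMPLE_LOGS, {POOL: {REVIEWED}}):
        print(alert)
```

An alert from a check like this is most useful when it pages someone who can pause the affected pools, since an upgrade signed with a stolen admin key is otherwise indistinguishable from a legitimate one.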
Delta Prime @DeltaPrimeDefi admin private key leaked. All pools are drained. $7M loss already. Withdraw ASAP! https://t.co/uNn5nZoHp3 pic.twitter.com/se3RebRjpX
— Chaofan Shou (@shoucccc) September 16, 2024
Cyvers, a blockchain security firm, confirmed the exploit in a message to CoinDesk, stating that they had detected “multiple suspicious transactions” involving DeltaPrime.
The firm suggested that the admin had lost control of the private key, leading to the unauthorized access.
As of European morning hours on the day of the attack, users were unable to withdraw funds from the Arbitrum version of DeltaPrime due to the platform’s borrowing and lending mechanisms.
The DeltaPrime team acknowledged the issue on their Discord channel and X account, stating that they were investigating and working to resolve the problem.
DeltaPrime Blue exploited, this is the current status:
At 6:14 AM CET DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation.
DeltaPrime Red (Avalanche) is not vulnerable…
— DeltaPrime (@DeltaPrimeDefi) September 16, 2024
This incident marks the second security breach for DeltaPrime in recent months. In July 2024, the protocol suffered a $1 million hack due to a misconfiguration that allowed an attacker to transfer ownership of accounts, repay loans, and withdraw collateral.
Following that attack, DeltaPrime claimed to have re-audited its code and resolved the issue, as well as compensating affected users.
The repeated security breaches have raised concerns about DeltaPrime’s overall security measures. Adding to these concerns are allegations made by blockchain investigator ZachXBT, who claimed that DeltaPrime had previously hired North Korean IT workers.
While DeltaPrime reportedly removed the flagged individuals after being warned, the potential connection between the recent hack and North Korea remains unclear.
North Korean hackers have been linked to several high-profile crypto hacks in the past, including a $235 million breach at WazirX and a $20 million exploit at the Indodax exchange. These actors are known to infiltrate crypto firms to gain insider access, which they then use to carry out targeted exploits.
In the aftermath of the latest attack, DeltaPrime’s native token, PRIME, experienced a 6.5% drop in value over 24 hours, aligning with a broader market decline led by Ethereum (ETH).