TLDR:
- DeltaPrime has lost more than $6 million after a private key was compromised.
- The breach was confined to the platform's Arbitrum deployment.
- An attacker took control of an admin proxy and repointed proxies at a malicious contract.
- This is the second major security incident DeltaPrime has suffered in two months, following a $1 million hack in July.
- There are claims that DeltaPrime previously worked with North Korean technology specialists.
On September 16, 2024, DeltaPrime, a decentralized borrowing protocol and crypto brokerage, suffered a security breach that cost it more than $6 million across multiple tokens. The breach affected only the protocol's Arbitrum deployment and stemmed from a compromised private key.
Security analysts flagged the problem on Monday morning, reporting that an attacker had taken control of an admin proxy and used it to point the protocol's proxies at a malicious contract, draining assets from multiple pools on the service.
The affected pools were DPUSDC, DPARB, and DPBTCb, which held the USDC stablecoin, Arbitrum's ARB, and bitcoin (BTC), respectively.
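A defender-side check for the pattern described above, as an added example that is not from the article or from DeltaPrime: it scans event logs for proxy upgrades whose new implementation is not on a reviewed allowlist. It assumes ERC-1967-style proxies that emit `Upgraded(address)` (the article does not say which proxy pattern DeltaPrime uses), and every address and log entry is constructed.

```python
from collections import defaultdict

# keccak256("Upgraded(address)"): event emitted by ERC-1967 proxies on upgrade
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def addr(byte_hex):
    """Constructed placeholder address: one byte repeated 20 times."""
    return "0x" + byte_hex * 20

# Assumption: pool proxies to watch (labels from the article, addresses constructed)
WATCHED = {addr("a1"): "DPUSDC", addr("a2"): "DPARB", addr("a3"): "DPBTCb"}
# Assumption: implementations that passed review and may be upgrade targets
APPROVED_IMPLS = {addr("11")}

def pad(address):
    """Indexed address as a 32-byte topic (left-padded with zeros)."""
    return "0x" + "00" * 12 + address[2:]

def scan(logs, burst=2):
    """Return alerts for watched proxies upgraded to unapproved implementations.
    Severity is 'critical' when one unapproved implementation is installed
    on `burst` or more watched proxies, as in a mass pool takeover."""
    alerts, pools_by_impl = [], defaultdict(set)
    for log in logs:
        proxy = log["address"].lower()
        if proxy not in WATCHED or log["topics"][0] != UPGRADED_TOPIC:
            continue
        impl = "0x" + log["topics"][1][-40:].lower()  # low 20 bytes of the topic
        if impl in APPROVED_IMPLS:
            continue
        pools_by_impl[impl].add(WATCHED[proxy])
        alerts.append({"pool": WATCHED[proxy], "impl": impl,
                       "block": log["blockNumber"], "severity": "high"})
    for alert in alerts:
        if len(pools_by_impl[alert["impl"]]) >= burst:
            alert["severity"] = "critical"
    return alerts

ROGUE = addr("ee")           # constructed unapproved implementation
OTHER = "0x" + "dd" * 32     # constructed stand-in for an unrelated event topic
SAMPLE_LOGS = [  # constructed; fields follow the shape of eth_getLogs results
    {"address": addr("a1"), "topics": [UPGRADED_TOPIC, pad(addr("11"))], "blockNumber": 100},
    {"address": addr("a1"), "topics": [UPGRADED_TOPIC, pad(ROGUE)], "blockNumber": 200},
    {"address": addr("a2"), "topics": [UPGRADED_TOPIC, pad(ROGUE)], "blockNumber": 200},
    {"address": addr("a3"), "topics": [UPGRADED_TOPIC, pad(ROGUE)], "blockNumber": 201},
    {"address": addr("b9"), "topics": [UPGRADED_TOPIC, pad(ROGUE)], "blockNumber": 201},
    {"address": addr("a1"), "topics": [OTHER, pad(ROGUE)], "blockNumber": 202},
]
```

An upgrade to an approved implementation, an upgrade on an unwatched contract, and an unrelated event on a watched proxy all pass silently; only the three pool proxies repointed at the unapproved address raise alerts.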
Delta Prime @DeltaPrimeDefi Private key managing administrative functions was leaked, culminating in all pools being emptied. A loss totaling $7 million ensued. Immediate withdrawals were urged. https://t.co/uNn5nZoHp3 pic.twitter.com/se3RebRjpX
— Chaofan Shou (@shoucccc) September 16, 2024
Blockchain security firm Cyvers confirmed the breach in a message to CoinDesk, saying it had tracked numerous suspicious transactions linked to DeltaPrime. The firm suggested that the admin's loss of control over the private key allowed the unauthorized access.
By morning in Europe on the day of the attack, users were unable to withdraw funds from DeltaPrime's Arbitrum deployment because of its particular borrowing and lending mechanism.
DeltaPrime's team acknowledged the incident on its Discord channel and X account, saying it was investigating the issue and working on remediation.
DeltaPrime Blue was exploited, and here’s the latest update:
At 6:14 AM CET, DeltaPrime Blue (Arbitrum) faced an attack resulting in a liquidation of $5.98 million. A compromised private key was the culprit, with inquiries into its origin ongoing.
DeltaPrime Red (Avalanche) demonstrates stability, remaining unaffected...
— DeltaPrime (@DeltaPrimeDefi) September 16, 2024
This is DeltaPrime's second notable security incident recently. In July 2024, a $1 million breach occurred because of misconfigured systems, which gave an attacker unauthorized powers to alter account ownership, repay debts, and extract collateral.
After the earlier breach, DeltaPrime announced a comprehensive audit of its systems, fixed the vulnerability, and offered compensation to affected users.
The repeated incidents have raised concerns about DeltaPrime's security practices. Adding to those concerns are claims by blockchain investigator ZachXBT that DeltaPrime hired North Korean IT specialists.
DeltaPrime allegedly dismissed the staff in question after being warned, though whether the recent breach is linked to North Korean entities remains unclear.
North Korean hackers have a history of orchestrating high-profile cryptocurrency thefts, exemplified by a $235 million loss at WazirX and a $20 million breach at the Indodax exchange. These operatives are adept at infiltrating cryptocurrency firms to gain insider access that they can use in attacks.
After the latest incident, DeltaPrime's PRIME token fell 6.5% over a day, alongside a broader market decline led by Ethereum (ETH).
Editor-in-Chief of Blockonomi and founder of Kooc Media, a UK-based online media company. An advocate for open-source software, blockchain technology, and a revolutionary, equitable internet.