The attack is believed to have occurred due to a private key exploit.
DeltaPrime, a decentralized finance (DeFi) platform operating on the Arbitrum chain, has reportedly been compromised in a significant cybersecurity breach.
Initially, the attack resulted in a loss of approximately $4.5 million, but subsequent malicious transactions have escalated the total damage to nearly $6 million.
Attack Details
On-chain security firm Cyvers confirmed the incident, noting “multiple suspicious transactions” linked to the DeltaPrime platform. The affected pools include those holding USDC USDC $1.00 24h volatility: 0.0% Market cap: $61.96 B Vol. 24h: $8.36 B stablecoins, Arbitrum’s ARB ARB $0.33 24h volatility: 4.0% Market cap: $1.56 B Vol. 24h: $116.65 M , and Bitcoin BTC $94 703 24h volatility: 0.3% Market cap: $1.88 T Vol. 24h: $23.26 B .
🚨ALERT🚨@DeltaPrimeDefi has faced a security incident on their admin keys.
Attacker had control on the private key of 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb
then he upgraded the proxy!So far $5.93M has been drained!
Want to keep your company off our alerts radar? Learn… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 16, 2024
The attack is believed to have occurred due to a private key exploit. According to Meir Dolev, CTO of Cyvers, the hackers gained control of DeltaPrime’s admin wallet, which manages the platform’s proxy contracts. By redirecting these contracts to a malicious contract, the attackers were able to drain DeltaPrime’s pools on Arbitrum, resulting in the nearly $6 million theft.
The stolen funds have been converted from USD Coin (USDC) to Ethereum ETH $1 798 24h volatility: 1.7% Market cap: $217.05 B Vol. 24h: $12.61 B . DeltaPrime operates on both Arbitrum and Avalanche network. As of now, there are no reports of similar vulnerabilities affecting the Avalanche-based operations. The attack has led to a significant drop in the platform’s native token, PRIME, which fell by 6% to $1.
Ongoing Investigation
The exact details of how the private key was compromised are still being investigated. Blockchain analyst ZachXBT noted that DeltaPrime had previously employed IT workers from North Korea, though the relevance of this fact to the current breach is unclear. As of now, DeltaPrime has not issued a formal statement addressing the breach.
North Korean hackers have increasingly been linked to large-scale cyberattacks targeting cryptocurrency exchanges. The US government has connected North Korean cybercriminals to several major hacks, including the $600 million Axie Infinity theft in 2022. The United Nations has accused North Korea of using cyberattacks to fund its nuclear and missile programs. North Korea has denied these allegations.
Along with the rising hacks, crypto mixer Tornado Cash has experienced rising activity, as it continues to be used by cybercriminals to obscure the origins of stolen cryptocurrency. This increased usage complicates efforts by authorities to trace and recover illicit funds.
Rising Trend of Crypto Hacks
The attack comes only two months after the massive breach of Indian cryptocurrency exchange WazirX, where hackers stole over $230 million. These recent high-profile hacks are part of a larger trend in the rising number of cryptocurrency attacks in 2024. Blockchain researchers TRM Labs reported that the amount of cryptocurrency stolen globally more than doubled in the first half of 2024, with hackers stealing over $1.38 billion by June, compared to $657 million in the same period in 2023.
As the investigation progresses, the crypto community will be closely monitoring DeltaPrime’s response and any steps taken to prevent future breaches.
next