Crypto Broker DeltaPrime Suffers $6 Million Hack

Highlights:

• DeltaPrime faces a nearly $6 million loss following suspicious transactions.
• Web3 security firm CyVers warns that the attacker is still draining funds.
• On-chain researcher ZachXBT suggests possible links to North Korean IT workers.

DeltaPrime, a decentralized borrowing protocol supported by Avalanche and GSR Markets, was hacked for at least $6 million due to a suspected leak of the admin’s private key. According to on-chain security platform Cyvers in a Sept. 16 X post, the platform initially lost around $4.5 million.

Cyvers stated:

“Suspicious address already swapped USDC to ETH! Total estimated loss is around $4.5M so far! however, a suspicious address is still draining the pools! Total loss might increase!”

However, Chaofan Shou, co-founder of Fuzzland, noted in a Sept. 16 X post that another wave of malicious transactions has increased Delta Prima’s stolen amount to nearly $6 million.

Private Key Exploit Suspected in Recent DeltaPrime Attack

The stolen funds from the attack amount to nearly $6 million, with the possibility of further losses. According to Meir Dolev, Cyvers’s CTO, the attack likely stemmed from a private key exploit.

🚨ALERT🚨@DeltaPrimeDefi has faced a security incident on their admin keys.
Attacker had control on the private key of 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb
then he upgraded the proxy!

So far $5.93M has been drained!

Want to keep your company off our alerts radar? Learn… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 16, 2024

The exact details of the private key breach are still unclear, but blockchain investigator ZachXBT noted that DeltaPrime had previously hired North Korean IT workers. However, the analyst emphasized that all flagged personnel have been removed, leaving unresolved questions about a potential connection between the hack and North Korea.

In an X post, blockchain researchers at Cyvers Alerts highlighted that the hack targeted the protocol’s Arbitrum version. They also noted that the hacker had already converted the stolen USD Coin (USDC) into Ethereum (ETH).

Cyvers noted:

“It seems that admin has lost the private key. Suspicious address still draining the pools! Affected pools so far are the DPUSDC, DPARB, DPBTCb!”

Besides Arbitrum, DeltaPrime also operates a protocol on the Avalanche network, though there are no reports of it being vulnerable to attacks. After the hack, DeltaPrime’s native token, PRIME, fell 5.4% to $1.01. As of now, the DeltaPrime team has not issued any public statements on the situation.

DeltaPrime, launched on the Avalanche network in January 2023, initially attracted over $63 million in total value locked and unlocked more than $20 million in liquidity, according to its official website. The protocol received funding from Avalanche, GSR Capital, Moonhill Capital, and Uplift, among others.

Crypto Hacks and Frauds Surge in 2024

A recent Immunefi report reveals a sharp increase in crypto hacks and fraud in Q2 2024, with total losses hitting $572.7 million—up 112% from the same period in 2023. Hacks accounted for 98.5% of these losses, primarily affecting centralized finance (CeFi) platforms. Ethereum was the most targeted network, followed by the BNB Chain. Notably, two major incidents—a $305 million theft from Japan’s DMM Bitcoin and a $55 million loss from Turkey’s BtcTurk—made up 62.8% of the total losses.

Mitchell Amador, Founder and CEO of Immunefi, emphasized the crucial need for strong security measures, pointing out that infrastructure breaches can result in significant damage. Despite the overall rise in losses, fraud-related losses dropped by 81% compared to Q2 2023, and about 5% of the stolen funds were recovered.