Leak of the private key of the crypto broker DeltaPrime led to the loss of $6 million

On September 16, the on-chain brokerage company DeltaPrime lost over $6 million as a result of a private key leak on the Arbitrum network. At the time of writing, the attack continues. This was reported by a number of researchers on X.

ALERT Our system has detected multiple suspicious transactions involving @DeltaPrimeDefi on $ARB chain! (Still ongoing)

It seems that admin has lost the private key. Suspicious address still draining the pools! Affected pools so far are the #DPUSDC, #DPARB, #DPBTCb !… pic.twitter.com/8sXanAaCwe
— Cyvers Alerts (@CyversAlerts) September 16, 2024

According to analysts, the hacker gained control of the administrative proxy server and redirected it to a malicious contract.

Delta Prime @DeltaPrimeDefi admin private key leaked. All pools are drained. $7M loss already. Withdraw ASAP! https://t.co/uNn5nZoHp3 pic.twitter.com/se3RebRjpX
— Chaofan Shou (@shoucccc) September 16, 2024

DeltaPrime works on the Arbitrum and Avalanche blockchains. At the moment, it is known that the incident affected only the version in the first network. Due to the peculiarities of using borrowings and loans on the platform, users were unable to withdraw funds.

Liquidity pools containing the USDC stablecoin, ARB, and Bitcoin are affected. The hacker has already exchanged some of the "stablecoins" for ETH.

The DeltaPrime team confirmed the incident and launched an investigation.

DeltaPrime Blue exploited, this is the current status:

At 6:14 AM CET DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation.

DeltaPrime Red (Avalanche) is not vulnerable…
— DeltaPrime (@DeltaPrimeDefi) September 16, 2024

"The risk is limited, we are working to recover assets, and the insurance pool will cover any potential losses where possible/necessary. In addition, we are looking for other ways to minimize user losses", the developers wrote.

According to analyst ZachXBT, hackers from the DPRK, posing as citizens of Canada and Japan, once worked as part of the DeltaPrime team.

Idk if related but they were one of the teams with the DPRK IT workers I reached out to warn (was told they were all removed) https://t.co/cJ85VwZbbh
— ZachXBT (@zachxbt) September 16, 2024

At the time of writing, the daily drop of the PRIME token is 5.4% - the coin is trading at $1.01, according to CoinGecko.
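
The post above says the leaked admin key was used to repoint the admin proxy at a malicious contract. The following is an added example, not part of the original post and not DeltaPrime's code: it scans event logs for proxy upgrades whose new implementation is not on an approved list. It assumes the watched proxies emit the EIP-1967 `Upgraded(address)` event; all addresses, labels and log entries are constructed placeholders.

```python
# keccak256("Upgraded(address)"): topic0 of the EIP-1967 proxy upgrade event.
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

# Constructed placeholders, not real addresses:
# proxy address -> (label, implementations approved through change control).
WATCHED = {
    "0x" + "a1" * 20: ("pool-proxy-1", {"0x" + "11" * 20}),
    "0x" + "a2" * 20: ("pool-proxy-2", {"0x" + "22" * 20}),
}

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; return the low 20 bytes."""
    raw = topic.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    if len(raw) != 64 or raw[:24] != "0" * 24:
        raise ValueError("not a padded address topic")
    return "0x" + raw[24:]

def find_unapproved_upgrades(logs, watched=WATCHED):
    """Return one alert per Upgraded event whose target is not on the allowlist."""
    alerts = []
    for log in logs:
        topics = [t.lower() for t in log.get("topics", [])]
        proxy = log.get("address", "").lower()
        if proxy not in watched or len(topics) < 2 or topics[0] != UPGRADED_TOPIC:
            continue
        label, approved = watched[proxy]
        try:
            impl = topic_to_address(topics[1])
        except ValueError:
            impl = None  # malformed topic on a watched proxy is still worth an alert
        if impl not in approved:
            alerts.append({"proxy": label, "implementation": impl,
                           "tx": log.get("transactionHash")})
    return alerts

def pad(addr):
    """Left-pad a 20-byte address to a 32-byte topic (used for the sample data)."""
    return "0x" + "0" * 24 + addr[2:]

# Constructed sample in eth_getLogs shape: approved upgrade, unrelated event,
# upgrade on an unwatched contract, and an upgrade to an unknown implementation.
SAMPLE_LOGS = [
    {"address": "0x" + "a1" * 20, "topics": [UPGRADED_TOPIC, pad("0x" + "11" * 20)], "transactionHash": "0x01"},
    {"address": "0x" + "a1" * 20, "topics": ["0x" + "00" * 32], "transactionHash": "0x02"},
    {"address": "0x" + "b9" * 20, "topics": [UPGRADED_TOPIC, pad("0x" + "ee" * 20)], "transactionHash": "0x03"},
    {"address": "0x" + "a2" * 20, "topics": [UPGRADED_TOPIC, pad("0x" + "ee" * 20)], "transactionHash": "0x04"},
]
```

Calling `find_unapproved_upgrades(SAMPLE_LOGS)` returns a single alert for `pool-proxy-2`; in practice the allowlist would be updated as part of the same change-control step that authorises an upgrade.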
 
You have time writing all that but you don't have time banning a scammer that didn't pay up on your deadline.
You don't ban a scammer that banned +1 guy today as well.
Good job.
Do i really need to follow you around telling you how to do your job? What the fuck are you doing here allowing this nigga scam new carders in this forum
 
DeltaPrime Confirms ~$4.8 Million Theft of ARB and AVAX

On November 11, the DeFi liquidity protocol DeltaPrime lost $4.75 million worth of Arbitrum (ARB) and Avalanche (AVAX) tokens in a hack.

According to PeckShield analysts, the exploit occurred due to the lack of input validation when stamping bounties.

In particular, the hacker replaced the collateral asset with a reward using a malicious variable. In this way, he stole the initial collateral for borrowing funds, leaving the debt outstanding.

Today's @DeltaPrimeDefi exploit leads to $4.8m loss. Since affected pools are now paused, we share our initial analysis below.

The exploit is made possible due to the lack of input validation in claiming possible rewards. Specifically, the exploiter provides an evil pair in… https://t.co/PH0yk9G3kP pic.twitter.com/upJVlJcVrL
— PeckShield Inc. (@peckshield) November 11, 2024

The researchers also noticed that the attacker deposited ~$1.3 million worth of liquidity into the LFJ (formerly Trader Joe) DeFi platform and farmed ~$600,000 worth of USDC through the Stargate cross-chain bridge.

DeltaPrime @DeltaPrimeDefi has been exploited for ~$4.8M worth of crypto on both #ARB & #AVAX.
The exploiter has added liquidity (~$1.3M) to #LFJ (formerly Trader Joe) & farmed $USDC on #Stargate pic.twitter.com/IYKs6CujlA
— PeckShield Inc. (@peckshield) November 11, 2024

DeltaPrime confirmed the incident and suspended the protocol in the Arbitrum and Avalanche networks.

DeltaPrime was just exploited on Avalanche and Arbitrum for a total of (initial estimate) $4.75mm.

With the protocol being paused on both chains, the risk is contained. We will provide updates asap.
— DeltaPrime (@DeltaPrimeDefi) November 11, 2024

To prevent further losses, users are advised to revoke the approval of active contracts using the Revoke service.

This is the second DeltaPrime hack in the fall. In September, a leak of a private key in the Arbitrum network led to the theft of $6 million.

Recall that according to PeckShield, in October, as a result of 20 hacker attacks, the crypto industry suffered losses in the amount of ~$88.47 million.
 