
DeltaPrime Suffers $4.8 Million Theft in ARB and AVAX Tokens
On November 11, the DeFi liquidity protocol DeltaPrime fell victim to a hack, resulting in the loss of Arbitrum (ARB) and Avalanche (AVAX) tokens valued at $4.75 million. Users have been advised to revoke permissions for active smart contracts.
According to analysts at PeckShield, the exploit occurred due to a lack of input validation when claiming rewards.
Specifically, the hacker used a malicious variable to replace the collateral asset with the reward. This allowed the theft of the initial collateral for borrowing funds, leaving the debt unpaid.
Today’s @DeltaPrimeDefi exploit leads to $4.8m loss. Since affected pools are now paused, we share our initial analysis below.
The exploit is made possible due to the lack of input validation in claiming possible rewards. Specifically, the exploiter provides an evil pair in… https://t.co/PH0yk9G3kP pic.twitter.com/upJVlJcVrL
— PeckShield Inc. (@peckshield) November 11, 2024
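The missing check described above can be shown with a toy model, added here as an illustration; it is not DeltaPrime's contract code and not taken from PeckShield's analysis. All names (`Pair`, `Account`, `TRUSTED_PAIRS`, the pair addresses) and the 1:1 health rule are assumptions; the weak claim path trusts a caller-supplied pair, and the hardened one validates it before paying out.

```python
from dataclasses import dataclass, field
# Toy model, constructed for illustration; all names are hypothetical.
TRUSTED_PAIRS = {"pair:vetted"}  # allowlist of reward sources the protocol vetted

@dataclass
class Pair:
    address: str
    reward_token: str      # reported by the pair itself, so caller-controlled
    reward_amount: int

@dataclass
class Account:
    collateral_token: str
    collateral: int
    debt: int
    wallet: dict = field(default_factory=dict)  # tokens released to the owner

    def solvent(self) -> bool:
        return self.collateral >= self.debt     # toy 1:1 health rule

def _pay_out(acct, token, amount):
    # In this model a payout in the collateral token is drawn from collateral.
    if token == acct.collateral_token:
        amount = min(amount, acct.collateral)
        acct.collateral -= amount
    acct.wallet[token] = acct.wallet.get(token, 0) + amount

def claim_rewards_unchecked(acct, pair):
    """Weak form: trusts whatever the caller-supplied pair reports."""
    _pay_out(acct, pair.reward_token, pair.reward_amount)

def claim_rewards_checked(acct, pair):
    """Hardened form: validate the pair and the reward token before paying."""
    if pair.address not in TRUSTED_PAIRS:
        raise ValueError("reward pair is not on the allowlist")
    if pair.reward_token == acct.collateral_token:
        raise ValueError("reward may not be paid out of collateral")
    _pay_out(acct, pair.reward_token, pair.reward_amount)

def demo():
    bad = Pair("pair:unvetted", "AVAX", 100)  # constructed input
    weak, hard = Account("AVAX", 100, 80), Account("AVAX", 100, 80)
    claim_rewards_unchecked(weak, bad)
    try:
        claim_rewards_checked(hard, bad)
        rejected = False
    except ValueError:
        rejected = True
    return weak, hard, rejected
```

In the unchecked path the account ends with no collateral and its debt still outstanding; the checked path rejects the same input and leaves the account untouched.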
Researchers also noted that the perpetrator added liquidity amounting to ~$1.3 million to the DeFi platform LFJ (formerly Trader Joe) and farmed USDC worth ~$600,000 via the cross-chain bridge Stargate.
DeltaPrime @DeltaPrimeDefi has been exploited for ~$4.8M worth of crypto on both #ARB & #AVAX.
The exploiter has added liquidity (~$1.3M) to #LFJ (formerly Trader Joe) & farmed $USDC on #Stargate pic.twitter.com/IYKs6CujlA
— PeckShield Inc. (@peckshield) November 11, 2024
DeltaPrime confirmed the incident and has suspended operations on the Arbitrum and Avalanche networks.
DeltaPrime was just exploited on Avalanche and Arbitrum for a total of (initial estimate) $4.75mm.
With the protocol being paused on both chains, the risk is contained. We will provide updates asap.
— DeltaPrime (@DeltaPrimeDefi) November 11, 2024
To prevent further losses, users are advised to revoke approval of active contracts using the Revoke service.
This marks the second hack of DeltaPrime this autumn. In September, a private key leak on the Arbitrum network led to a $6 million theft. Analyst ZachXBT speculated that North Korean hackers, posing as Canadian and Japanese citizens, were once part of the DeltaPrime team.
As reported by PeckShield, in October, the crypto industry suffered losses of ~$88.47 million due to 20 hacking incidents.
The largest incident last month was the hack of the lending protocol Radiant Capital, resulting in a $53 million loss.