On September 16, the on-chain brokerage firm DeltaPrime lost over $6 million following a private key leak on the Arbitrum network. At the time of writing, the attack is ongoing, as reported by several researchers on X.
ALERT: Our system has detected multiple suspicious transactions involving @DeltaPrimeDefi on $ARB chain! (Still ongoing)
It seems that admin has lost the private key. Suspicious address still draining the pools! Affected pools so far are the #DPUSDC, #DPARB, #DPBTCb !… pic.twitter.com/8sXanAaCwe
— Cyvers Alerts (@CyversAlerts) September 16, 2024
Analysts suggest that the hacker gained control over the administrative proxy server and redirected it to a malicious contract.
Delta Prime @DeltaPrimeDefi admin private key leaked. All pools are drained. $7M loss already. Withdraw ASAP! https://t.co/uNn5nZoHp3 pic.twitter.com/se3RebRjpX
— Chaofan Shou (@shoucccc) September 16, 2024
DeltaPrime operates on the Arbitrum and Avalanche blockchains. Currently, the incident is known to have affected only the version on the former network. Due to the platform’s borrowing and lending features, users were unable to withdraw funds.
The affected liquidity pools contain the stablecoin USDC, ARB, and Bitcoin. The hacker has already exchanged some of the stablecoins for ETH.
The DeltaPrime team confirmed the incident and has initiated an investigation.
DeltaPrime Blue exploited, this is the current status:
At 6:14 AM CET DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation.
DeltaPrime Red (Avalanche) is not vulnerable…
— DeltaPrime (@DeltaPrimeDefi) September 16, 2024
“The risk is limited, we are working on asset recovery, and the insurance pool will cover any potential losses where possible/necessary. Additionally, we are exploring other ways to minimize user losses,” the developers wrote.
Analyst ZachXBT speculated that North Korean hackers, posing as Canadian and Japanese citizens, were once part of the DeltaPrime team.
Idk if related but they were one of the teams with the DPRK IT workers I reached out to warn (was told they were all removed) https://t.co/cJ85VwZbbh
— ZachXBT (@zachxbt) September 16, 2024
At the time of writing, the daily decline of the PRIME token stands at 5.4%—the coin is trading at $1.01, according to CoinGecko.
Earlier in September, the DeFi protocol Penpie lost $27 million due to an exploit.
