{"id":16990,"date":"2024-09-16T12:17:02","date_gmt":"2024-09-16T09:17:02","guid":{"rendered":"https:\/\/forklog.com\/en\/deltaprime-suffers-6-million-loss-due-to-private-key-leak\/"},"modified":"2024-09-16T12:17:02","modified_gmt":"2024-09-16T09:17:02","slug":"deltaprime-suffers-6-million-loss-due-to-private-key-leak","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/deltaprime-suffers-6-million-loss-due-to-private-key-leak\/","title":{"rendered":"DeltaPrime Suffers $6 Million Loss Due to Private Key Leak"},"content":{"rendered":"<p>On September 16, the on-chain brokerage firm DeltaPrime lost over $6 million following a private key leak on the Arbitrum network. At the time of writing, the attack is ongoing, as reported by several researchers on X.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">ALERT: Our system has detected multiple suspicious transactions involving <a href=\"https:\/\/twitter.com\/DeltaPrimeDefi?ref_src=twsrc%5Etfw\">@DeltaPrimeDefi<\/a> on <a href=\"https:\/\/twitter.com\/search?q=%24ARB&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ARB<\/a> chain! (Still ongoing)<\/p>\n<p>It seems that admin has lost the private key. Suspicious address still draining the pools! Affected pools so far are the <a href=\"https:\/\/twitter.com\/hashtag\/DPUSDC?src=hash&#038;ref_src=twsrc%5Etfw\">#DPUSDC<\/a>, <a href=\"https:\/\/twitter.com\/hashtag\/DPARB?src=hash&#038;ref_src=twsrc%5Etfw\">#DPARB<\/a>, <a href=\"https:\/\/twitter.com\/hashtag\/DPBTCb?src=hash&#038;ref_src=twsrc%5Etfw\">#DPBTCb<\/a> !\u2026 <a href=\"https:\/\/t.co\/8sXanAaCwe\">pic.twitter.com\/8sXanAaCwe<\/a><\/p>\n<p>\u2014 Cyvers Alerts
(@CyversAlerts) <a href=\"https:\/\/twitter.com\/CyversAlerts\/status\/1835568466901766208?ref_src=twsrc%5Etfw\">September 16, 2024<\/a><\/p><\/blockquote>\n<p>Analysts suggest that the hacker <a href=\"https:\/\/arbiscan.io\/address\/0xd550cfea0bffdc81b2dee7b6d915d9d9e31d83a2\">gained<\/a> control over the administrative proxy server and redirected it to a malicious contract. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Delta Prime <a href=\"https:\/\/twitter.com\/DeltaPrimeDefi?ref_src=twsrc%5Etfw\">@DeltaPrimeDefi<\/a> admin private key leaked. All pools are drained. $7M loss already. Withdraw ASAP!<a href=\"https:\/\/t.co\/uNn5nZoHp3\">https:\/\/t.co\/uNn5nZoHp3<\/a> <a href=\"https:\/\/t.co\/se3RebRjpX\">pic.twitter.com\/se3RebRjpX<\/a><\/p>\n<p>\u2014 Chaofan Shou (@shoucccc) <a href=\"https:\/\/twitter.com\/shoucccc\/status\/1835554652777336975?ref_src=twsrc%5Etfw\">September 16, 2024<\/a><\/p><\/blockquote>\n<p>DeltaPrime operates on the Arbitrum and Avalanche blockchains. Currently, the incident is known to have affected only the version on the former network. Due to the platform&#8217;s borrowing and lending features, users were unable to withdraw funds. <\/p>\n<p>The affected liquidity pools contain the stablecoin USDC, ARB, and Bitcoin. The hacker has already exchanged some of the &#8220;stablecoins&#8221; for ETH.<\/p>\n<p>The DeltaPrime team confirmed the incident and has initiated an investigation. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">DeltaPrime Blue exploited, this is the current status:<\/p>\n<p>At 6:14 AM CET DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation. 
<\/p>\n<p>DeltaPrime Red (Avalanche) is not vulnerable\u2026<\/p>\n<p>\u2014 DeltaPrime (@DeltaPrimeDefi) <a href=\"https:\/\/twitter.com\/DeltaPrimeDefi\/status\/1835603279369125893?ref_src=twsrc%5Etfw\">September 16, 2024<\/a><\/p><\/blockquote>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;The risk is limited, we are working on asset recovery, and the insurance pool will cover any potential losses where possible\/necessary. Additionally, we are exploring other ways to minimize user losses,&#8221; the developers wrote. <\/p>\n<\/blockquote>\n<p>Analyst ZachXBT speculated that North Korean hackers, posing as Canadian and Japanese citizens, were once part of the DeltaPrime team.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">Idk if related but they were one of the teams with the DPRK IT workers I reached out to warn (was told they were all removed) <a href=\"https:\/\/t.co\/cJ85VwZbbh\">https:\/\/t.co\/cJ85VwZbbh<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a href=\"https:\/\/twitter.com\/zachxbt\/status\/1835563015694917831?ref_src=twsrc%5Etfw\">September 16, 2024<\/a><\/p><\/blockquote>\n<p>At the time of writing, the daily decline of the PRIME token stands at 5.4%\u2014the coin is trading at $1.01, according to <a href=\"https:\/\/www.coingecko.com\/en\/coins\/prime-2\">CoinGecko<\/a>.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXcA2OGc01lIcSUgmy1hyApwvrrR-gi3W3YHQif3s1qeZqL0vnsYD-IH6Qyv6cfHXaqbw_la-CEiYremOnlIgAy7NdfmuEJpAHP4tf3p8co2mT4h4PRWdlOPtBq1C7uedBT3nxDI9xQIoJB22QPUB_gCKuU?key=QnZ091-3SL_P4e7a1n3G5Q\" alt=\"DeltaPrime Suffers $6 Million Loss Due to Private Key Leak\"\/><figcaption 
class=\"wp-element-caption\">24-hour PRIME chart. Data: CoinGecko.<\/figcaption><\/figure>\n<p>Earlier in September, the DeFi protocol Penpie lost $27 million due to an exploit.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On September 16, the on-chain brokerage firm DeltaPrime lost over $6 million following a private key leak on the Arbitrum network. At the time of writing, the attack is ongoing, as reported by several researchers on X. ALERT: Our system has detected multiple suspicious transactions involving @DeltaPrimeDefi on $ARB chain! (Still ongoing) It seems that admin [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":16989,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1335,44,1188],"class_list":["post-16990","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-arbitrum-arb","tag-cybercrime","tag-data-breach"],"aioseo_notices":[],"amp_enabled":true,"views":"21","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/16990","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=16990"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/16990\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/16989"}],"wp:attachment":[{"href":"https:\/\/forklo
g.com\/en\/wp-json\/wp\/v2\/media?parent=16990"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=16990"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=16990"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}