DeltaPrime DeFi platform suffers a $5.98M hack on the Arbitrum chain due to a private key leak. The attack compromised several liquidity pools, and the team is working on asset recovery and minimizing user losses.
In the early hours of September 16, 2024, DeltaPrime, a prominent decentralized finance (DeFi) platform, announced that its Arbitrum-based protocol, DeltaPrime Blue, was exploited in a cyber attack that drained approximately $5.98 million.
According to an official tweet from DeltaPrime at 9:55 AM, the exploit occurred at 6:14 AM CET and was traced to a compromised private key. The team reassured users that the issue is limited to the Arbitrum chain, with the Avalanche-based DeltaPrime Red unaffected due to its use of multisig wallets and cold storage for added security.
The company emphasized that they are actively working on asset retrieval and that the platform’s insurance pool is expected to cover losses where possible. Additionally, DeltaPrime is exploring further measures to minimize user losses, pledging ongoing updates through social media and Discord.
DeltaPrime Blue exploited, this is the current status:
— DeltaPrime (@DeltaPrimeDefi) September 16, 2024
At 6:14 AM CET DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation.
DeltaPrime Red (Avalanche) is not vulnerable…
The attack was first flagged by Cyvers Alerts, a blockchain security platform, which detected suspicious transactions related to DeltaPrime Blue on the Arbitrum chain. In a tweet at 7:36 AM, Cyvers reported multiple suspicious transactions draining liquidity pools, such as DPUSDC, DPARB, and DPBTCb.
They noted that the attacker had already swapped large amounts of USDC for ETH, with the total loss estimated at $4.5 million at the time. An hour later, Cyvers updated their estimate, stating that the losses had increased to $5.93 million, confirming that the attacker had taken control of the private key for DeltaPrime’s admin wallet, allowing them to upgrade proxy contracts and direct them to malicious ones.
🚨ALERT🚨@DeltaPrimeDefi has faced a security incident on their admin keys.
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 16, 2024
Attacker had control on the private key of 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb
then he upgraded the proxy!
So far $5.93M has been drained!
Want to keep your company off our alerts radar? Learn… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI
In a comment to Hackread.com, Meir Dolev, CTO of CyVers stated “The hacker took control of the admin wallet for DeltaPrime’s proxy contracts, later upgrading these contracts to point to his malicious contract, which enabled the draining of the pools on the Arbitrum chain. The total loss is around $5.9 million USD.“
As the investigation continues, DeltaPrime assures users that their funds on Avalanche remain secure, while they focus on resolving the situation on Arbitrum. Stay tuned, this article will be updated accordingly.
