DeltaPrime, a decentralized finance (DeFi) platform on the Arbitrum blockchain, has been attacked, leading to a loss of approximately $6 million. The attack was executed through a private key exploit that allowed hackers to gain control of the platform’s admin wallet.
“Multiple suspicious transactions” were identified by on-chain security firm Cyvers, which reported that the attackers managed to reroute DeltaPrime’s proxy contracts to a malicious contract. This enabled them to drain funds from various pools, including those holding USDC, ARB, and Bitcoin.
The exploit was possible because the attackers gained access to the private key of the admin wallet, identified as 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb. Once they had control, they upgraded key proxy contracts to point to a malicious contract at 0xD4CA224a176A59ed1a346FA86C3e921e01659E73. This enabled the hackers to exploit the platform’s pools, inflating deposited amounts and extracting around $6 million in different cryptocurrencies. Cyvers’ CTO Meir Dolev explained that the attackers could drain DeltaPrime’s pools on the Arbitrum chain by manipulating the proxy contracts.
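A defender-side check for the upgrade step described above, as an added example that is not from DeltaPrime or Cyvers: it scans `eth_getLogs`-style records for proxy upgrade events and flags any new implementation outside an approved list. It assumes the watched proxies emit the EIP-1967 `Upgraded(address)` event; the function names, addresses and log records are constructed for illustration.

```python
# Added example (not DeltaPrime's or Cyvers' code): flag proxy upgrades whose
# new implementation is not on an approved list.
# Assumption: the watched proxies emit the EIP-1967 event Upgraded(address).
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def word_to_address(word):
    """Low 20 bytes of a 32-byte hex word, as a lowercase 0x address."""
    h = word.lower()
    h = h[2:] if h.startswith("0x") else h
    if len(h) != 64:
        raise ValueError("expected a 32-byte word")
    return "0x" + h[-40:]

def find_unapproved_upgrades(logs, watched_proxies, approved_impls):
    """Return one alert per Upgraded event that leaves the approved set."""
    watched = {a.lower() for a in watched_proxies}
    approved = {a.lower() for a in approved_impls}
    alerts = []
    for log in logs:
        topics = log.get("topics") or []
        if not topics or topics[0].lower() != UPGRADED_TOPIC:
            continue
        proxy = log["address"].lower()  # addresses compare case-insensitively
        if proxy not in watched:
            continue
        # Indexed argument sits in topics[1]; a non-indexed variant puts it in data.
        word = topics[1] if len(topics) > 1 else log.get("data", "")
        try:
            impl = word_to_address(word)
        except ValueError:
            impl = None  # undecodable upgrade on a watched proxy still alerts
        if impl not in approved:
            alerts.append({"proxy": proxy, "new_implementation": impl,
                           "tx": log.get("transactionHash")})
    return alerts

# Constructed sample data: placeholder addresses and transaction ids.
PROXY, GOOD_IMPL, ROGUE_IMPL = ("0x" + c * 40 for c in "abc")
pad = lambda addr: "0x" + "0" * 24 + addr[2:]
SAMPLE_LOGS = [
    {"address": PROXY, "topics": [UPGRADED_TOPIC, pad(GOOD_IMPL)], "data": "0x", "transactionHash": "0x01"},
    {"address": PROXY.upper().replace("0X", "0x"), "topics": [UPGRADED_TOPIC, pad(ROGUE_IMPL)], "data": "0x", "transactionHash": "0x02"},
    {"address": PROXY, "topics": ["0x" + "0" * 64], "data": "0x", "transactionHash": "0x03"},
    {"address": PROXY, "topics": [UPGRADED_TOPIC], "data": pad(ROGUE_IMPL), "transactionHash": "0x04"},
]

if __name__ == "__main__":
    for alert in find_unapproved_upgrades(SAMPLE_LOGS, [PROXY], [GOOD_IMPL]):
        print(alert)
```

An alert of this kind is only useful if the approved list is maintained through a path the admin key alone cannot change.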
The investigation is still ongoing, and the exact method of private key compromise remains unclear. However, blockchain analyst ZachXBT noted that DeltaPrime had previously employed IT workers from North Korea.
“The relevance of this fact to the current breach is unclear,” they stated, highlighting concerns based on the hackers’ methods. ZachXBT suggested that the tactics used in the DeltaPrime attack resemble those employed by the Lazarus Group, a hacking group linked to the North Korean government. The group is known for using social engineering tactics, such as posing as IT staff or developers, to infiltrate companies and compromise their systems.
According to the report, the hackers quickly converted the stolen USDC into Ethereum (ETH). ZachXBT also noted: “the next destination for the stolen ETH is likely Tornado Cash,” a mixing tool often used by cybercriminals to obscure the origin of stolen assets.
🚨ALERT🚨@DeltaPrimeDefi has faced a security incident on their admin keys.
Attacker had control on the private key of 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb
then he upgraded the proxy!
So far $5.93M has been drained!
Want to keep your company off our alerts radar? Learn… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 16, 2024
Surge in Crypto Hacks in 2024
The breach at DeltaPrime follows a series of significant hacks within the cryptocurrency sector this year. Data from blockchain research firm TRM Labs shows that over $1.38 billion was stolen in various crypto-related hacks during the first half of 2024, more than doubling the $657 million stolen during the same period in 2023. In June, hackers stole over $230 million from the Indian cryptocurrency exchange WazirX.
North Korean hackers have frequently been implicated in major cryptocurrency thefts. The United States government has linked North Korean cybercriminals to several large-scale attacks, including the $600 million Axie Infinity hack in 2022. The United Nations has also accused North Korea of using funds from these cyberattacks to finance its nuclear and missile programs. North Korea has denied these allegations.
Lawrence does not hold any crypto asset. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.