DeltaPrime Suffers $5.98M Loss as Hacker Exploits Admin Key on Arbitrum

DeltaPrime DeFi platform suffers a $5.98M hack on the Arbitrum chain due to a private key leak. The attack compromised several liquidity pools, and the team is working on asset recovery and minimizing user losses.

In the early hours of September 16, 2024, DeltaPrime, a prominent decentralized finance (DeFi) platform, announced that its Arbitrum-based protocol, DeltaPrime Blue, was exploited in a cyber attack that drained approximately $5.98 million.

According to an official tweet from DeltaPrime at 9:55 AM, the exploit occurred at 6:14 AM CET and was traced to a compromised private key. The team reassured users that the issue is limited to the Arbitrum chain, with the Avalanche-based DeltaPrime Red unaffected due to its use of multisig wallets and cold storage for added security.

The company emphasized that they are actively working on asset retrieval and that the platform’s insurance pool is expected to cover losses where possible. Additionally, DeltaPrime is exploring further measures to minimize user losses, pledging ongoing updates through social media and Discord.

DeltaPrime Blue exploited, this is the current status:

At 6:14 AM CET DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation.

DeltaPrime Red (Avalanche) is not vulnerable…

— DeltaPrime (@DeltaPrimeDefi) September 16, 2024

The attack was first flagged by Cyvers Alerts, a blockchain security platform, which detected suspicious transactions related to DeltaPrime Blue on the Arbitrum chain. In a tweet at 7:36 AM, Cyvers reported multiple suspicious transactions draining liquidity pools, such as DPUSDC, DPARB, and DPBTCb.

They noted that the attacker had already swapped large amounts of USDC for ETH, with the total loss estimated at $4.5 million at the time. An hour later, Cyvers updated their estimate, stating that the losses had increased to $5.93 million, confirming that the attacker had taken control of the private key for DeltaPrime’s admin wallet, allowing them to upgrade proxy contracts and direct them to malicious ones.

🚨ALERT🚨@DeltaPrimeDefi has faced a security incident on their admin keys.
Attacker had control on the private key of 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb
then he upgraded the proxy!

So far $5.93M has been drained!

Want to keep your company off our alerts radar? Learn… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 16, 2024

In a comment to Hackread.com, Meir Dolev, CTO of CyVers stated “The hacker took control of the admin wallet for DeltaPrime’s proxy contracts, later upgrading these contracts to point to his malicious contract, which enabled the draining of the pools on the Arbitrum chain. The total loss is around $5.9 million USD.“

As the investigation continues, DeltaPrime assures users that their funds on Avalanche remain secure, while they focus on resolving the situation on Arbitrum. Stay tuned, this article will be updated accordingly.

1. 6 of the Best Crypto Bug Bounty Programs
2. Crypto Scammer Returns $9.27M Out of $24M Crypto Theft
3. Crypto Exchange FixedFloat Hacked: $26M in BTC, ETH Stolen
4. Hackers Stole $59M of Crypto Via Malicious Google and X Ads
5. Crypto losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed