🚨ALERT🚨@DeltaPrimeDefi has faced a security incident on their admin keys.— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 16, 2024
Attacker had control on the private key of 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb
then he upgraded the proxy!
So far $5.93M has been drained!
Want to keep your company off our alerts radar? Learn… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI
The exploit has primarily affected DeltaPrime's operations on the Arbitrum blockchain, with losses expected to rise.
Exploit Details
The breach occurred when a hacker gained control of the admin private key for DeltaPrime's proxies. This key, associated with the address 0xx40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb, allowed the attacker to redirect funds to a malicious contract identified as 0xD4CA224a176A59ed1a346FA86C3e921e01659E73.
Per reports, the hacker’s actions included draining pools like DPUSDC, DPARB, and DPBTCb. Cyvers reported that the stolen funds were converted from USDC to Ethereum (ETH).
As of the latest reports, the estimated loss is approximately $5.93 million; however, this figure may increase as the suspicious address continues to drain funds.
“Hacker took control of the wallet which is the admin of Delta Prime proxy contacts, later on, upgraded these contracts to point to his malicious contract this enabled the hacker to drain Delta Prime pools on Arbitrum chain. Total loss is 5.9 million USD,” Meir Dolev, CTO, CyVers, told BSCN.
The DeltaPrime team has yet to comment publicly on the incident, and it remains unclear whether the protocol’s deployment on the Avalanche network is also vulnerable.
Background on DeltaPrime
It received significant backing from investors such as Avalanche, GSR Capital, Moonhill Capital, and Uplift.