Key Takeaways
- The attack occurred after a hacker gained control of a private key, allowing them to manipulate the platformโs contracts
- As per Cyvers, the hacker exploited a wallet that serves as the admin for Delta Primeโs proxy contracts.
Delta Prime, a decentralized finance (DeFi) platform, has lost over $5.9 million following a cyberattack on September 16. The attack occurred after a hacker gained control of a private key, allowing them to manipulate the platformโs contracts and drain funds from its pools on the Arbitrum blockchain.
According to Meir Dolev, CTO of Cyvers, the hacker exploited a wallet that serves as the admin for Delta Primeโs proxy contracts. Once in control, the hacker upgraded these contracts to direct funds into their own malicious contract, effectively siphoning off the platform’s assets. Dolev noted that the attacker had already swapped stolen USDC for Ethereum, and the loss was initially estimated at $4.5 million. However, the amount quickly surged as the attack continued.
โSuspicious address already swapped USDC to ETH! Total estimated loss is around $4.5M so far! However, a suspicious address is still draining the pools! Total loss might increase,โ Dolev warned in an alert issued during the attack.
On-chain researcher Chaofan Shou confirmed the total stolen had climbed to nearly $6 million, following a second wave of transactions. The losses have raised concerns within the DeFi community, as the attack remains one of the most significant in recent months.
This breach is just the latest in a string of high-profile crypto hacks in 2024. It comes two months after WazirX, an Indian crypto exchange, suffered a loss of over $230 million, marking one of the largest hacks of the year.
ZachXBT, an on-chain investigator, speculated that the Delta Prime hacker might be linked to the infamous Lazarus Group. The North Korean-linked cybercrime syndicate is known for infiltrating crypto companies, often through social engineering. ZachXBT pointed out that the attackerโs methods resemble previous hacks attributed to Lazarus, where members pose as developers or IT staff to gain trust before inserting malicious code.
Hacks in the Web3 have become increasingly common in the last few years. In July 2024, India-based leading crypto exchange WazirX was hacked leading to a staggering loss of $234.9 million worth of crypto assets. Several reports have identified ย Lazarus Group as the mastermind behind the WazirX exploit
As per a recent report by blockchain data platform Chainalysis, Aggregate illicit activity in crypto has dropped 19.6% year-to-date , falling from $20.9 billion to $16.7 billion by July 2024.