The decentralized finance (DeFi) protocol DeltaPrime has recently experienced a significant security breach, resulting in the loss of $6 million. This alarming incident was reported by blockchain security specialists at Cyvers.
Details of the Exploit
On September 16, Cyvers disclosed the exploit on their official social media platform. According to the firm’s Chief Technology Officer, Meir Dolev, the breach was facilitated by a compromised “admin key.” Dolev explained:
“The hacker took control of the wallet, which serves as the admin for Delta Prime proxy contracts. They subsequently upgraded these contracts to redirect to their malicious contract, enabling them to drain Delta Prime’s pools on the Arbitrum chain.”
It was also reported that the attacker began converting portions of the stolen assets into Ethereum.
As of the latest updates, the DeltaPrime team has not made any official comments regarding this incident.
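A monitoring check for the upgrade path Dolev describes above, as an added example that is not code from Cyvers or DeltaPrime: it scans contract logs for upgrades of watched proxies to an implementation that is not on a reviewed allowlist. It assumes the proxies emit the EIP-1967 Upgraded(address) event; every address, hash and block number in the sample data is a constructed placeholder.

```python
# Assumption: the watched proxies emit the EIP-1967 event
# Upgraded(address indexed implementation); topic0 is its keccak-256 hash.
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    raw = topic.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    if len(raw) != 64:
        raise ValueError("not a 32-byte topic: %r" % topic)
    return "0x" + raw[24:]

def flag_upgrades(logs, watched_proxies, approved_impls):
    """Return an alert for each Upgraded event on a watched proxy whose
    new implementation is not on the reviewed allowlist."""
    watched = {a.lower() for a in watched_proxies}
    approved = {a.lower() for a in approved_impls}
    alerts = []
    for log in logs:
        topics = [t.lower() for t in log.get("topics", [])]
        if log["address"].lower() not in watched:
            continue  # not one of our proxies
        if len(topics) != 2 or topics[0] != UPGRADED_TOPIC:
            continue  # some other event
        impl = topic_to_address(topics[1])
        if impl not in approved:
            alerts.append({"proxy": log["address"].lower(), "implementation": impl,
                           "tx": log["transactionHash"], "block": log["blockNumber"]})
    return alerts

# Constructed sample data: every address, hash and block number is a placeholder.
PROXY_A, PROXY_B, OTHER = ("0x" + b * 20 for b in ("a1", "b2", "c3"))
REVIEWED_IMPL, UNKNOWN_IMPL = "0x" + "11" * 20, "0x" + "EE" * 20

def make_log(addr, topics, n):
    return {"address": addr, "topics": topics, "blockNumber": n,
            "transactionHash": "0x" + "%064x" % n}

def pad_topic(addr):
    return "0x" + "0" * 24 + addr[2:]

SAMPLE_LOGS = [
    make_log(PROXY_A, [UPGRADED_TOPIC, pad_topic(REVIEWED_IMPL)], 100),  # reviewed upgrade
    make_log(PROXY_B, [UPGRADED_TOPIC, pad_topic(UNKNOWN_IMPL)], 101),   # unreviewed: alert
    make_log(OTHER,   [UPGRADED_TOPIC, pad_topic(UNKNOWN_IMPL)], 102),   # not watched
    make_log(PROXY_A, ["0x" + "00" * 32], 103),                          # unrelated event
]

if __name__ == "__main__":
    for alert in flag_upgrades(SAMPLE_LOGS, [PROXY_A, PROXY_B], [REVIEWED_IMPL]):
        print("ALERT unreviewed implementation:", alert)
```

An alert of this kind only shortens response time; it does not stop an upgrade that a compromised admin key has already signed.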
Background of Previous Incidents
Previous Breach in July
This breach comes just two months after DeltaPrime fell victim to a $1 million exploit in July. During that incident, the attacker exploited a misconfiguration, allowing them to access funds across 13 different Prime Accounts. The hacker managed to transfer account ownership, repay outstanding loans, and withdraw collateral during the attack.
Following the incident, DeltaPrime re-audited their codebase and addressed the vulnerabilities that permitted the exploit. The protocol took steps to compensate affected users, recovering $900,000 from the perpetrator and contributing an additional $100,000 from its stability pool.
Concerns Regarding North Korean Involvement
Potential links to North Korean hackers have also emerged. Blockchain expert ZachXBT pointed out that DeltaPrime employed IT professionals from North Korea, a country under various sanctions.
In his earlier warnings to the DeFi platform, ZachXBT cautioned against hiring developers from this region. Although DeltaPrime claimed they removed the flagged individuals, the specific connection between these hires and the recent hacking incident remains uncertain.
Reports have increasingly shown how North Korean cybercriminals infiltrate cryptocurrency firms to gain insider access and then use it for targeted exploits. The FBI has previously issued warnings regarding the threats posed by North Korean actors, emphasizing their involvement in numerous high-profile hacks, including the $235 million breach at WazirX and the $20 million exploit of the Indodax exchange.