DeFi Platform Delta Primes Loses $6 Million In Security Breach, Is North Korea Involved?

As a seasoned cybersecurity analyst with over two decades of experience under my belt, I can’t help but feel a sense of deja vu when reading about yet another DeFi protocol falling victim to a security breach. The attack on Delta Primes is a stark reminder of the ever-present threats that these platforms face and the importance of robust cybersecurity measures.


On Monday, there was a security incident reported on Delta Primes, a Decentralized Finance (DeFi) platform, which has potentially impacted its users. This attack is believed to have drained $6 million from the project’s pools. The incident is currently being investigated, but preliminary on-chain investigations hint at possible connections to North Korean cybercriminals and a broader scheme.

Hackers Drain $6 Million From DeFi Protocol

On Monday morning, cyber security platform Cyvers Alerts informed the community about the ongoing attack on DeFi borrowing protocol Delta Primes. The initial report revealed that Cyvers’ system had detected multiple suspicious transactions involving the project on the Arbitrum chain.

The flagged transactions suggested that the DeFi protocol’s team might have lost control of their private key, resulting in an initial loss of approximately $4.5 million from the DPUSDC, DPARB, and DPBTCb pools. The suspicious withdrawal address subsequently converted the USDC into Ethereum (ETH).

Within the following hour, Cyvers clarified that the attackers appeared to have switched the proxy, pointing it to a harmful address. Further findings indicated that “this harmful smart contract could artificially increase the hacker’s balance across all pools.”

The intruders managed to siphon off approximately $1.48 million from the funds prior to Delta Prime’s group reestablishing control. It was two hours later, following the first notifications, that the Decentralized Finance (DeFi) platform spoke up about the incident.

As a crypto investor, I’ve learned about the recent incident involving DeltaPrime Blue on the Arbitrum chain. Regrettably, it seems that hackers managed to exploit a vulnerability related to a compromised private key, resulting in a loss of approximately $5.98 million. The team is actively investigating the cause behind this breach to ensure appropriate action can be taken moving forward.

Delta Prime’s team further reassured users that DeltaPrime Red, operating on Avalanche, was secure against such attacks. They explained that the “security measures in place are exclusively multi-signatures and cold storage wallets,” which is how it ought to be.

Moreover, the post asserted that the risk had been managed effectively, offering comfort to its user base by stating that the Decentralized Finance (DeFi) platform’s insurance fund would compensate for any potential losses.

The risk is contained, we’re working on asset-retrieval and the insurance pool will cover any potential losses where possible / necessary. Additionally, we’re looking into other ways to reduce user losses to a minimum.

Are North Korean Hackers Responsible?

Although the speedy reaction was appreciated by many, some users raised concerns regarding the incident. When asked about the matter, the team clarified that there are no time locks in place for DeltaPrime Blue.

Timelocks serve precisely this purpose: they facilitate the transition from a hot, non-timelocked owner to a cold, timelocked one. As has been done on Avalanche, and similarly by early owners on Arbitrum, this switch should ideally take place within the Arbitrum ecosystem.
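As an added illustration (not code from Cyvers, DeltaPrime or the original article), the following monitor flags proxy upgrades like the one described above when they were not queued behind a timelock. It assumes ERC-1967 style proxies that emit `Upgraded(address)`, logs already joined with block timestamps, and a hypothetical 48-hour delay policy; all addresses and names are constructed.

```python
# Added example with constructed data and hypothetical names; not DeltaPrime's code.
# keccak256("Upgraded(address)"): the event ERC-1967 style proxies emit on upgrade.
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"
MIN_DELAY = 48 * 3600  # assumed policy: 48 h between announcing and executing an upgrade

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    raw = topic.lower()[2:] if topic.lower().startswith("0x") else topic.lower()
    if len(raw) != 64 or raw[:24] != "0" * 24:
        raise ValueError("not a 32-byte padded address topic")
    return "0x" + raw[24:]

def review_upgrades(logs, schedule):
    """Return (proxy, new_impl, reason) for every upgrade that bypassed the timelock."""
    queued = {(p.lower(), i.lower()): t for (p, i), t in schedule.items()}
    findings = []
    for log in logs:
        topics = log["topics"]
        if len(topics) != 2 or topics[0].lower() != UPGRADED_TOPIC:
            continue  # not a proxy upgrade event
        proxy, impl = log["address"].lower(), topic_to_address(topics[1])
        announced = queued.get((proxy, impl))
        if announced is None:
            findings.append((proxy, impl, "never announced"))
        elif log["timestamp"] - announced < MIN_DELAY:
            findings.append((proxy, impl, "executed before delay elapsed"))
    return findings

# Constructed sample: two pool proxies, three implementations, one unrelated event.
def addr(byte):
    return "0x" + byte * 20

def topic(address):
    return "0x" + "0" * 24 + address[2:]

POOL_A, POOL_B = addr("a1"), addr("b2")
GOOD, RUSHED, ROGUE = addr("11"), addr("22"), addr("ee")
T0 = 1_700_000_000
# (proxy, implementation) -> unix time the upgrade was queued in the timelock
SCHEDULE = {(POOL_A, GOOD): T0, (POOL_A, RUSHED): T0}
LOGS = [
    {"address": POOL_A, "topics": [UPGRADED_TOPIC, topic(GOOD)], "timestamp": T0 + 3 * 86400},
    {"address": POOL_A, "topics": [UPGRADED_TOPIC, topic(RUSHED)], "timestamp": T0 + 3600},
    {"address": POOL_B, "topics": [UPGRADED_TOPIC, topic(ROGUE)], "timestamp": T0 + 7200},
    {"address": POOL_B, "topics": ["0x" + "dd" * 32], "timestamp": T0 + 7300},
]

if __name__ == "__main__":
    for finding in review_upgrades(LOGS, SCHEDULE):
        print("ALERT", *finding)
```

With a hot, non-timelocked owner there is no schedule at all, so every upgrade event lands in the "never announced" bucket and should page a human immediately.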

One community member criticized the team for not having the same security measures on DeltaPrime Blue and Red, stating there was no excuse for the mistake. Moreover, on-chain sleuth ZachXBT suggested that the attack could be linked to a larger-scale problem.

Approximately a month ago, Zach assisted a different team in relation to a crypto hack. The subsequent probe revealed that more than 25 ventures in the crypto sector had unwittingly employed numerous IT professionals from North Korea under false developer identities.

Today, a cryptocurrency investigator disclosed that a Decentralized Finance (DeFi) team was one of those he warned about North Korean information technology workers back in August. Furthermore, he pointed out that the technique employed in the exploit of Delta Prime bears resemblance to the hack he initially assisted with.

At the moment, Delta Prime’s team hasn’t commented on the potential connection. Nevertheless, they’ve made clear their intention to recover the lost funds, emphasizing that “this incident is not yet concluded.”


2024-09-17 04:34