DeFi Platform Delta Prime Loses $6 Million In Security Breach, Is North Korea Involved?
September 16 2024 - 9:30PM
NEWSBTC
Decentralized Finance (DeFi) platform Delta Prime suffered a
security breach on Monday, affecting the protocol’s users. The
attack took $6 million from the project’s pools and is under
investigation. However, on-chain investigators suspect it could be
linked to North Korean hackers and be part of a larger-scale
scheme.

Hackers Drain $6 Million From DeFi Protocol

On Monday morning, cyber security
platform Cyvers Alerts informed the community about the ongoing
attack on DeFi borrowing protocol Delta Prime. The initial report
revealed that Cyvers’ system had detected multiple suspicious
transactions involving the project on the Arbitrum chain.

The transactions suggested the DeFi protocol’s team had lost the
private key, initially losing $4.5 million from the DPUSDC, DPARB,
and DPBTCb pools. The suspicious draining address immediately
swapped the USDC for Ethereum (ETH).

In the next hour, Cyvers
detailed that the attackers had seemingly changed the proxy,
pointing to a malicious address. Other reports explained that “this
malicious contract can inflate the deposited amount of the hacker
on all pools.” The attackers drained another $1.48 million from the
pools before Delta Prime’s team regained control.

Two hours after the initial reports, the DeFi platform addressed
the incident. Per the post, DeltaPrime Blue, on the Arbitrum chain,
was attacked and drained for $5.98 million. The team confirmed that
the attack was due to a compromised private key, with the cause
still being investigated.

Delta Prime’s team also assured users that DeltaPrime Red, on
Avalanche, was safe from this attack, detailing that the
“implementation here is covered solely by multisigs and cold
wallets (as it should be).” Additionally, the post claimed that the
risk was already contained, reassuring its community that the DeFi
protocol’s insurance pool would cover potential losses:

“The risk is contained, we’re working on asset-retrieval and the
insurance pool will cover any potential losses where possible /
necessary. Additionally, we’re looking into other ways to reduce
user losses to a minimum.”

Are North Korean Hackers Responsible?

Despite the
quick response, some users expressed their concerns about the
incident. When questioned about it, the team explained that there
were no timelocks for DeltaPrime Blue:

“This is exactly what timelocks are for. The switch from this hot &
non-timelocked owner to a cold timelocked owner should have been
done on Arbitrum like it was on Avalanche (and like other initial
owners on Arbi)”

One community member criticized the team for not having the same
security measures on DeltaPrime Blue and Red, stating there was no
excuse for the mistake.

Moreover, on-chain sleuth ZachXBT suggested
that the attack could be linked to a larger-scale problem. A month
ago, Zach assisted another team with another crypto hack. The
investigation unveiled that over 25 projects within the space had
unknowingly hired multiple IT workers from North Korea using fake
identities as developers.

Today, the crypto
detective revealed that the DeFi protocol was among the teams he
alerted about the North Korean IT workers in August. He also noted
that the method used for Delta Prime’s exploit was similar to the
hack he originally assisted with.

As of this writing, Delta Prime’s team has not addressed the
possible link. However, it stated that they would focus on getting
the funds back and that “the event isn’t over yet.”
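
An added example, not part of the original article or of DeltaPrime's code: a monitor that replays decoded upgrade events and flags any proxy implementation change that did not pass through a timelock, the control the team's reply says was missing on Arbitrum. The event fields, the 24-hour delay policy and every address are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MIN_DELAY = 24 * 3600  # assumed policy: an upgrade waits at least 24 hours


@dataclass(frozen=True)
class Event:
    time: int       # block timestamp in seconds
    kind: str       # "scheduled" = queued in the timelock, "upgraded" = proxy changed
    proxy: str      # proxy (pool) whose implementation is affected
    impl: str       # new implementation address
    caller: str     # account that queued or performed the change
    delay: int = 0  # delay requested at scheduling time


def audit_upgrades(events, timelock):
    """Return (time, proxy, reason) for every change that bypassed the timelock policy."""
    ready_at = {}   # (proxy, impl) -> earliest allowed execution time
    findings = []
    for ev in sorted(events, key=lambda e: e.time):
        key = (ev.proxy, ev.impl)
        if ev.kind == "scheduled":
            if ev.delay >= MIN_DELAY:
                ready_at[key] = ev.time + ev.delay
            else:
                findings.append((ev.time, ev.proxy, "delay below policy"))
        elif ev.kind == "upgraded":
            if ev.caller != timelock:
                findings.append((ev.time, ev.proxy, "upgrade sent by non-timelock owner"))
            elif key not in ready_at:
                findings.append((ev.time, ev.proxy, "implementation was never scheduled"))
            elif ev.time < ready_at[key]:
                findings.append((ev.time, ev.proxy, "executed before delay elapsed"))
            else:
                del ready_at[key]  # a queued upgrade may be used only once
    return findings


# Constructed sample events; every address is a placeholder, not on-chain data.
TIMELOCK, HOT_KEY = "0xTIMELOCK", "0xHOT_OWNER"
SAMPLE = [
    Event(0, "scheduled", "0xPOOL_A", "0xIMPL_V2", TIMELOCK, delay=MIN_DELAY),
    Event(MIN_DELAY + 60, "upgraded", "0xPOOL_A", "0xIMPL_V2", TIMELOCK),
    Event(MIN_DELAY + 120, "upgraded", "0xPOOL_B", "0xUNKNOWN_IMPL", HOT_KEY),
    Event(MIN_DELAY + 180, "upgraded", "0xPOOL_A", "0xIMPL_V2", TIMELOCK),
]

if __name__ == "__main__":
    for finding in audit_upgrades(SAMPLE, TIMELOCK):
        print(finding)
```

The first upgrade passes because it was queued and waited out the delay; the hot-key upgrade and the replayed upgrade are both reported.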