Delta Prime DeFi has been exploited on Avalanche and Arbitrum for $4.75M

Source Cryptopolitan

Delta Prime paused its protocol on both Avalanche and Arbitrum, after an exploit estimated at $4.75M. The protocol discovered a vulnerability and closed all transactions to avoid further harm. 

Delta Prime has lost assets on its Avalanche and Arbitrum versions, amounting to $4.75M in losses. This is the second attack against the protocol since a previous exposure on September 19. During the previous attack, Delta Prime lost $5.9M due to compromised wallets. The hacking activity was tied to Lazarus, the group of North Korean hackers, as tracked by ZachXBT.

The last hack was linked to compromised wallets, where the hackers controlled the private keys. This time, none of DeltaPrime’s known token holdings were compromised. However, some of the protocol’s core reward mechanisms turned out to be flawed.

As with other exploits, malicious social media links are being distributed through copycat accounts. These links lead to websites promising fund recovery or permission revocation. 

The Delta Prime protocol contained more than $35M in total value locked. In September, before the hack, the value was as high as $65M. Subsequent loss of value for PRIME and loss of trust in the protocol led to a drop in value locked. However, Delta Prime was on track to recovering its liquidity, up from a low of $22M, when this new exploit happened. 

The two hacks are separated by less than two months, and they bring to mind the case of Cosmos (ATOM). The project was infiltrated by North Korean hackers posing as developers, who were responsible for critical parts of the code. For now, Cosmos has not been exploited, but the case raised concerns about the ability of malicious actors to be aware of smart contract vulnerabilities. 

The Delta Prime hack follows a similar minor exploit where a liquidity pool was drained. Researcher Chaofan Shou noted a vulnerable smart contract allowed the hacker to drain a much larger reward, in this case, costing the unnamed protocol $500K

Delta Prime faced a reward exploit 

According to on-chain experts from Peckshield, this time, Delta Prime suffered an exploit of its reward smart contract. The attacker also apparently acquired administrator privileges on SmartLoansFactory, one of the side contracts that control loan creation and initial funding in one transaction. The smart contract also manages the data of loan creators, known as Borrowers Registry.

Delta Prime is a project built for leveraged farming, a risky tool to borrow and deposit funds into yield farming protocols. The protocol’s reward smart contract contained a flaw that allowed the hacker to receive rewards for a faked pair.

Analysis by Peckshield reveals the contract’s input was not verified, allowing the hacker to keep both the initial collateral and the borrowed funds. Certik tracked the actions, which included an attempt to borrow WBTC, where the hacker ended up holding both the collateral and the loan. 

The smart contract exploit happened despite Delta Prime having a complete audit by Peckshield. In total, Delta Prime completed seven independent audits, the last one in the summer of 2024.

The exploiter made away with 110 AVAX, 74 WAVAX, 860K USDC, 6.34 BTC, 49 WETH, and another 260K USDT. After the funds were sent to intermediary wallets, some were reverted back to DeFi protocols, including LFJ and Stargate liquidity farming. 

The stolen assets came from multiple drained pools, concentrating the spoils in one address. Most of the funds are on the Arbitrum chain, constrained to its DeFi landscape. The hacker has not bridged or mixed the funds. 

The hacker’s wallet is multi-chain, though other addresses only contain a small part of the funds. The main wallet continued to interact with other Arbitrum swap and DeFi protocols after the attack was noticed. All the wallets were recently created and first funded from DEX sources. The wallets have no previous activity or history before the hack. 

Some of the funds are stored on Avalanche, and they continued their movements in the hours after the attack. Most of the assets on Avalanche C-Chain were moved to other protocols, as the hacker used them to provide liquidity

The Avalanche or Arbitrum wallets did not contain any bridging transactions. Around $750K of the funds are contained in identified Arbitrum wallets, while Avalanche holds $2.18M. The two attacks were held separately for each chain, with a total of five identified wallets. 

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
Gold Price Forecast: Cooling Inflation Fails to Offset Fed Hawkish Pressure, Gold Price May Fall to $3,500As of the Asian session on July 17, gold prices ( XAUUSD ) fluctuated around $4,000. However, it is worth noting that gold closed at $3,969.41 yesterday, confirming a break below the $4,0
Author  TradingKey
12 hours ago
As of the Asian session on July 17, gold prices ( XAUUSD ) fluctuated around $4,000. However, it is worth noting that gold closed at $3,969.41 yesterday, confirming a break below the $4,0
placeholder
TradingKey Daily Market Brief: Gold Falls Below $4,000, TSMC’s Strong Earnings Fail to Stop AI Trade Cooling, Chip Stocks Sold OffTracking Market TrendsTradingKey - On July 16, Eastern Time, the three major US stock indexes closed down collectively. Although US economic data performed robustly and the start of the Q2 earnings se
Author  TradingKey
21 hours ago
Tracking Market TrendsTradingKey - On July 16, Eastern Time, the three major US stock indexes closed down collectively. Although US economic data performed robustly and the start of the Q2 earnings se
placeholder
SK Hynix ADR Premium Narrows Sharply, Two-Way Conversion Imminent, Arbitrage Window Tests PricingAfter experiencing a wild surge following its initial listing, SK Hynix ( SKHY) ADR premium is rapidly unwinding. In US trading on Wednesday, July 15, SK Hynix ADRs closed down 9% at $176
Author  TradingKey
Yesterday 10: 27
After experiencing a wild surge following its initial listing, SK Hynix ( SKHY) ADR premium is rapidly unwinding. In US trading on Wednesday, July 15, SK Hynix ADRs closed down 9% at $176
placeholder
Today’s Market Recap: Unexpected PPI Drop Boosts Markets, Apple Hits All-Time High, AI Hardware Stocks Remain Under Pressure, Micron, SanDisk SlumpOn July 15, Eastern Time, the three major US stock indexes closed higher for the second consecutive trading day. The unexpected decline in the US June PPI further st
Author  TradingKey
Yesterday 01: 20
On July 15, Eastern Time, the three major US stock indexes closed higher for the second consecutive trading day. The unexpected decline in the US June PPI further st
placeholder
Gold Price Trend Forecast: Why Did Gold Prices Fall After US CPI Cooled? Fed Chair Speech and Iran Situation Become Obstacles As of the Asian trading session on July 15, gold ( XAUUSD) prices fell back to fluctuate near $4,030, erasing nearly all of the gains driven by yesterday's positive CPI data. Looking at t
Author  TradingKey
Jul 15, Wed
As of the Asian trading session on July 15, gold ( XAUUSD) prices fell back to fluctuate near $4,030, erasing nearly all of the gains driven by yesterday's positive CPI data. Looking at t
goTop
quote