Delta Prime DeFi has been exploited on Avalanche and Arbitrum for $4.75M

Source Cryptopolitan

Delta Prime paused its protocol on both Avalanche and Arbitrum, after an exploit estimated at $4.75M. The protocol discovered a vulnerability and closed all transactions to avoid further harm. 

Delta Prime has lost assets on its Avalanche and Arbitrum versions, amounting to $4.75M in losses. This is the second attack against the protocol since a previous exposure on September 19. During the previous attack, Delta Prime lost $5.9M due to compromised wallets. The hacking activity was tied to Lazarus, the group of North Korean hackers, as tracked by ZachXBT.

The last hack was linked to compromised wallets, where the hackers controlled the private keys. This time, none of DeltaPrime’s known token holdings were compromised. However, some of the protocol’s core reward mechanisms turned out to be flawed.

As with other exploits, malicious social media links are being distributed through copycat accounts. These links lead to websites promising fund recovery or permission revocation. 

The Delta Prime protocol contained more than $35M in total value locked. In September, before the hack, the value was as high as $65M. Subsequent loss of value for PRIME and loss of trust in the protocol led to a drop in value locked. However, Delta Prime was on track to recovering its liquidity, up from a low of $22M, when this new exploit happened. 

The two hacks are separated by less than two months, and they bring to mind the case of Cosmos (ATOM). The project was infiltrated by North Korean hackers posing as developers, who were responsible for critical parts of the code. For now, Cosmos has not been exploited, but the case raised concerns about the ability of malicious actors to be aware of smart contract vulnerabilities. 

The Delta Prime hack follows a similar minor exploit where a liquidity pool was drained. Researcher Chaofan Shou noted a vulnerable smart contract allowed the hacker to drain a much larger reward, in this case, costing the unnamed protocol $500K

Delta Prime faced a reward exploit 

According to on-chain experts from Peckshield, this time, Delta Prime suffered an exploit of its reward smart contract. The attacker also apparently acquired administrator privileges on SmartLoansFactory, one of the side contracts that control loan creation and initial funding in one transaction. The smart contract also manages the data of loan creators, known as Borrowers Registry.

Delta Prime is a project built for leveraged farming, a risky tool to borrow and deposit funds into yield farming protocols. The protocol’s reward smart contract contained a flaw that allowed the hacker to receive rewards for a faked pair.

Analysis by Peckshield reveals the contract’s input was not verified, allowing the hacker to keep both the initial collateral and the borrowed funds. Certik tracked the actions, which included an attempt to borrow WBTC, where the hacker ended up holding both the collateral and the loan. 

The smart contract exploit happened despite Delta Prime having a complete audit by Peckshield. In total, Delta Prime completed seven independent audits, the last one in the summer of 2024.

The exploiter made away with 110 AVAX, 74 WAVAX, 860K USDC, 6.34 BTC, 49 WETH, and another 260K USDT. After the funds were sent to intermediary wallets, some were reverted back to DeFi protocols, including LFJ and Stargate liquidity farming. 

The stolen assets came from multiple drained pools, concentrating the spoils in one address. Most of the funds are on the Arbitrum chain, constrained to its DeFi landscape. The hacker has not bridged or mixed the funds. 

The hacker’s wallet is multi-chain, though other addresses only contain a small part of the funds. The main wallet continued to interact with other Arbitrum swap and DeFi protocols after the attack was noticed. All the wallets were recently created and first funded from DEX sources. The wallets have no previous activity or history before the hack. 

Some of the funds are stored on Avalanche, and they continued their movements in the hours after the attack. Most of the assets on Avalanche C-Chain were moved to other protocols, as the hacker used them to provide liquidity

The Avalanche or Arbitrum wallets did not contain any bridging transactions. Around $750K of the funds are contained in identified Arbitrum wallets, while Avalanche holds $2.18M. The two attacks were held separately for each chain, with a total of five identified wallets. 

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
WTI rally takes a timeout amid signs of US-Iran war de-escalationWest Texas Intermediate (WTI) Oil futures on NYMEX trade slightly lower to near $71.50 during the European trading session on Friday. The Oil price extends its correction after posting a fresh over two-week high at $75.73 on Wednesday.
Author  FXStreet
Jul 10, Fri
West Texas Intermediate (WTI) Oil futures on NYMEX trade slightly lower to near $71.50 during the European trading session on Friday. The Oil price extends its correction after posting a fresh over two-week high at $75.73 on Wednesday.
placeholder
Gold recovers above $4,100 as traders assess US-Iran conflict Gold price (XAU/USD) rebounds to around $4,120 during the early Asian session on Friday. The precious metal edges higher as traders weigh a resumption of war in the Middle East.
Author  FXStreet
Jul 10, Fri
Gold price (XAU/USD) rebounds to around $4,120 during the early Asian session on Friday. The precious metal edges higher as traders weigh a resumption of war in the Middle East.
placeholder
WTI consolidates below $72.00 as traders monitor geopolitical developmentsWest Texas Intermediate (WTI) – the benchmark US Crude Oil price – steadies during the Asian session on Friday, stalling the previous day's downfall amid mixed messaging from the US and Iran.
Author  FXStreet
Jul 10, Fri
West Texas Intermediate (WTI) – the benchmark US Crude Oil price – steadies during the Asian session on Friday, stalling the previous day's downfall amid mixed messaging from the US and Iran.
placeholder
WTI Crude Oil Price Forecast: US-Iran Conflict Reignites, Will a New Round of Oil Price Rises Begin? As of the Asian session on July 9, after WTI ( USOIL) crude oil prices rebounded sharply for two consecutive trading days, oil prices hovered and adjusted around $73.30 today. From the te
Author  TradingKey
Jul 09, Thu
As of the Asian session on July 9, after WTI ( USOIL) crude oil prices rebounded sharply for two consecutive trading days, oil prices hovered and adjusted around $73.30 today. From the te
placeholder
British Pound strengthens to near 1.3400 as UK political risk fades The GBP/USD pair gathers strength near 1.3395 during the Asian trading hours on Thursday, bolstered by fading domestic political uncertainty.
Author  FXStreet
Jul 09, Thu
The GBP/USD pair gathers strength near 1.3395 during the Asian trading hours on Thursday, bolstered by fading domestic political uncertainty.
goTop
quote