Delta Prime DeFi has been exploited on Avalanche and Arbitrum for $4.75M

Source Cryptopolitan

Delta Prime paused its protocol on both Avalanche and Arbitrum, after an exploit estimated at $4.75M. The protocol discovered a vulnerability and closed all transactions to avoid further harm. 

Delta Prime has lost assets on its Avalanche and Arbitrum versions, amounting to $4.75M in losses. This is the second attack against the protocol since a previous exposure on September 19. During the previous attack, Delta Prime lost $5.9M due to compromised wallets. The hacking activity was tied to Lazarus, the group of North Korean hackers, as tracked by ZachXBT.

The last hack was linked to compromised wallets, where the hackers controlled the private keys. This time, none of DeltaPrime’s known token holdings were compromised. However, some of the protocol’s core reward mechanisms turned out to be flawed.

As with other exploits, malicious social media links are being distributed through copycat accounts. These links lead to websites promising fund recovery or permission revocation. 

The Delta Prime protocol contained more than $35M in total value locked. In September, before the hack, the value was as high as $65M. Subsequent loss of value for PRIME and loss of trust in the protocol led to a drop in value locked. However, Delta Prime was on track to recovering its liquidity, up from a low of $22M, when this new exploit happened. 

The two hacks are separated by less than two months, and they bring to mind the case of Cosmos (ATOM). The project was infiltrated by North Korean hackers posing as developers, who were responsible for critical parts of the code. For now, Cosmos has not been exploited, but the case raised concerns about the ability of malicious actors to be aware of smart contract vulnerabilities. 

The Delta Prime hack follows a similar minor exploit where a liquidity pool was drained. Researcher Chaofan Shou noted a vulnerable smart contract allowed the hacker to drain a much larger reward, in this case, costing the unnamed protocol $500K

Delta Prime faced a reward exploit 

According to on-chain experts from Peckshield, this time, Delta Prime suffered an exploit of its reward smart contract. The attacker also apparently acquired administrator privileges on SmartLoansFactory, one of the side contracts that control loan creation and initial funding in one transaction. The smart contract also manages the data of loan creators, known as Borrowers Registry.

Delta Prime is a project built for leveraged farming, a risky tool to borrow and deposit funds into yield farming protocols. The protocol’s reward smart contract contained a flaw that allowed the hacker to receive rewards for a faked pair.

Analysis by Peckshield reveals the contract’s input was not verified, allowing the hacker to keep both the initial collateral and the borrowed funds. Certik tracked the actions, which included an attempt to borrow WBTC, where the hacker ended up holding both the collateral and the loan. 

The smart contract exploit happened despite Delta Prime having a complete audit by Peckshield. In total, Delta Prime completed seven independent audits, the last one in the summer of 2024.

The exploiter made away with 110 AVAX, 74 WAVAX, 860K USDC, 6.34 BTC, 49 WETH, and another 260K USDT. After the funds were sent to intermediary wallets, some were reverted back to DeFi protocols, including LFJ and Stargate liquidity farming. 

The stolen assets came from multiple drained pools, concentrating the spoils in one address. Most of the funds are on the Arbitrum chain, constrained to its DeFi landscape. The hacker has not bridged or mixed the funds. 

The hacker’s wallet is multi-chain, though other addresses only contain a small part of the funds. The main wallet continued to interact with other Arbitrum swap and DeFi protocols after the attack was noticed. All the wallets were recently created and first funded from DEX sources. The wallets have no previous activity or history before the hack. 

Some of the funds are stored on Avalanche, and they continued their movements in the hours after the attack. Most of the assets on Avalanche C-Chain were moved to other protocols, as the hacker used them to provide liquidity

The Avalanche or Arbitrum wallets did not contain any bridging transactions. Around $750K of the funds are contained in identified Arbitrum wallets, while Avalanche holds $2.18M. The two attacks were held separately for each chain, with a total of five identified wallets. 

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
US NFP Forecast: Nonfarm Payrolls expected to grow below 200K in December for third straight monthThe US jobs report could influence the market pricing of the Fed rate outlook and the US Dollar valuation.
Author  FXStreet
Jan 05, Fri
The US jobs report could influence the market pricing of the Fed rate outlook and the US Dollar valuation.
placeholder
Gold Price Forecast: XAU/USD holds positive ground above $2,020 ahead of US CPI dataGold price (XAU/USD) drifted higher during the early Asian trading hours on Thursday.
Author  FXStreet
Jan 11, Thu
Gold price (XAU/USD) drifted higher during the early Asian trading hours on Thursday.
placeholder
Japanese Yen stands tall near one-month top against USD on hawkish BoJ talksThe Japanese Yen (JPY) rallied to the highest level since early February against its American counterpart on Friday amid bets for an imminent shift in the Bank of Japan's (BoJ) policy stance.
Author  FXStreet
Mar 11, Mon
The Japanese Yen (JPY) rallied to the highest level since early February against its American counterpart on Friday amid bets for an imminent shift in the Bank of Japan's (BoJ) policy stance.
placeholder
Natural Gas sinks to pivotal level as China’s demand slumpsNatural Gas price (XNG/USD) edges lower and sinks to $2.56 on Monday, extending its losing streak for the fifth day in a row. The move comes on the back of China cutting its Liquified Natural Gas (LNG) imports after prices rose above $3.0 in June. It
Author  FXStreet
Jul 01, Mon
Natural Gas price (XNG/USD) edges lower and sinks to $2.56 on Monday, extending its losing streak for the fifth day in a row. The move comes on the back of China cutting its Liquified Natural Gas (LNG) imports after prices rose above $3.0 in June. It
placeholder
Want to Invest in SpaceX? It's About to Get Easier.Can everyday investors put their money to work in SpaceX stock? For the company's roughly 20-year history, the answer has been "sort of."SpaceX has an estimated valuation of more t
Author  The Motley Fool
Yesterday 12: 06
Can everyday investors put their money to work in SpaceX stock? For the company's roughly 20-year history, the answer has been "sort of."SpaceX has an estimated valuation of more t
goTop
quote