In yet another blow to the decentralized finance (DeFi) space, Delta Prime, a popular DeFi protocol, has fallen victim to a sophisticated exploit, resulting in the loss of over $6 million in various cryptocurrencies. The hacker gained access to an admin account, enabling them to mint an enormous amount of deposit receipt tokens and drain the protocol’s liquidity pools.
The attacker siphoned funds in USDC, Bitcoin (BTC), Ethereum (ETH), and other assets, further underscoring the vulnerabilities that plague DeFi protocols.
The attack on Delta Prime involved the minting of an astonishing number of deposit tokens, which represent claims to assets locked in liquidity pools. The attacker used an admin account, likely compromised through the theft of a private key, and exploited the protocol’s upgrade functions to manipulate the system. According to data from Arbiscan, the hacker minted over 115 duovigintillion (1.1 * 10^69) Delta Prime USD (DPUSDC) tokens, a deposit receipt tied to the stablecoin USDC.
🔗 Contracts from which the attacker executed withdrawals
DeltaPrimeWrappedETH: https://t.co/uQMLUZh1JD`
UsdcPoolTUP: https://t.co/sO9cYrSKwx
DeltaPrimeArbitrum: https://t.co/0uBcHsl831
DeltaPrimeBitcoin: https://t.co/LEA3foeHz6
DaiPoolTUP: https://t.co/c2gaZr96ve— Hacken🇺🇦 (@hackenclub) September 16, 2024
Despite creating this astronomical amount of deposit tokens, the hacker only burned a fraction of them—specifically 2.4 million DPUSDC—to withdraw a corresponding $2.4 million in USDC. The attack wasn’t limited to USDC alone. The hacker employed similar tactics to mint deposit tokens for Bitcoin (BTC), Ethereum (ETH), and Arbitrum (ARB), extracting over $1 million in these additional assets.
The attack appears to have originated from a stolen private key associated with one of Delta Prime’s developers. Once the attacker gained access to the admin account, they were able to trigger an upgrade function embedded in Delta Prime’s smart contracts, which governs the liquidity pools. By redirecting the contracts to a malicious proxy, they could bypass the system’s safeguards and mint unlimited amounts of deposit receipt tokens.
Such upgrade functions, while essential for protocols to patch vulnerabilities or implement improvements, can also introduce significant security risks. In this case, the centralized control afforded by the admin account allowed the hacker to compromise the integrity of the entire platform.
Blockchain security expert Chaofan Shou estimated that the total losses amount to $6 million. Delta Prime confirmed the breach, acknowledging that nearly $6-$7 million worth of assets had been drained from its protocol on Arbitrum. Fortunately, Delta Prime’s Avalanche-based version was unaffected, but the financial blow dealt to the Arbitrum platform was significant.
Delta Prime @DeltaPrimeDefi admin private key leaked. All pools are drained. $7M loss already. Withdraw ASAP!https://t.co/uNn5nZoHp3 pic.twitter.com/se3RebRjpX
— Chaofan Shou (@shoucccc) September 16, 2024
Delta Prime further noted that its insurance coverage might help offset some of the losses, though this remains to be seen. The protocol has been working with security experts to identify how the exploit occurred and prevent future attacks. However, the breach underscores the broader systemic risks DeFi platforms face.
This exploit is not an isolated incident; it is part of a larger trend of DeFi hacks and exploits that have plagued the ecosystem over the past few years. The total value lost to DeFi exploits has surged as attackers increasingly target upgradeable contracts, admin keys, and other centralized points of failure within ostensibly decentralized systems.
Upgradeable contracts, while useful for introducing necessary fixes and enhancements, often introduce vulnerabilities if their controls are poorly implemented or if private keys are compromised. In Delta Prime’s case, the control afforded to the admin account became a liability that allowed the hacker to exploit the system.
As DeFi continues to evolve, developers and users alike must grapple with the inherent risks posed by upgradeable contracts, centralized control mechanisms, and insufficient security measures. While decentralized systems aim to remove middlemen and central points of authority, they often rely on admin privileges to manage complex protocols—paradoxically introducing centralized vulnerabilities.
Conclusion
The $6 million exploit of Delta Prime serves as yet another reminder of the precarious state of DeFi security. As developers work to build the next generation of financial systems, they must remain vigilant in securing admin accounts, reviewing contract upgrade mechanisms, and implementing stronger security protocols.
Without such measures, the DeFi ecosystem remains a lucrative target for attackers.
Delta Prime, like other DeFi platforms hit by similar exploits, faces a long road to recovery. The incident reinforces the need for continuous innovation not just in the financial products offered by DeFi, but also in the security frameworks that protect them.
You may also like:- Man Makes ₹100 Crore in 17 Days After Buying Hippo-Inspired Crypto Coin
- Why Is Binance Founder CZ Being Released Two Days Early?
- eToro US Halts Most Crypto Trading After SEC Settlement
- CEX.IO Resumes UK Operations After Regulatory Halt
- Tether Acquires 9.8% Stake in Latin American Agriculture Leader Adecoagro
- Crypto Romance Scams – How They Work and How to Protect Yourself
- Analysts Caution 20% Bitcoin Decline as US Rate Cut Fuels Recession Fears
- WazirX Hacker Sends $6.5M to Tornado Cash
- Trapped in Nigeria – The Struggle of a Binance Executive Proclaiming Innocence
- WazirX Customers May Only Recover Half of Stolen Crypto