Crypto Broker DeltaPrime Drained of Over $6M Amid Apparent Private Key Leak
- Over $6 million in tokens were drained from DeltaPrime wallets due to a private key leak, affecting only the Arbitrum version of the project.
- The exploit involved a hacker gaining control over an admin proxy, redirecting it to a malicious contract, leading to significant financial loss.
Over $6 million worth of various tokens from wallets belonging to on-chain brokerage DeltaPrime were drained early Monday after an apparent private key leak, security researchers said on X.
The project is offered on both Arbitrum and Avalanche blockchains. Monday’s exploit impacted only the version on Arbitrum as of European morning hours - and users could not withdraw funds (on Arbitrum) due to how the utilization of borrowing and lending works on the platform.
A hacker gained control of 0xx40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb, which is the admin of proxies. Then, the hacker upgraded the proxies to point to malicious contract 0xD4CA224a176A59ed1a346FA86C3e921e01659E73, Fuzzland founder Chaofan Shou said on X.
Proxy is a contract that interacts with users and other contracts. It contains minimal logic and serves as an intermediary, but it is a key part of any application, as a compromise can mean the entire protocol is impacted.
Delta Prime @DeltaPrimeDefi admin private key leaked. All pools are drained. $7M loss already. Withdraw ASAP!https://t.co/uNn5nZoHp3 pic.twitter.com/se3RebRjpX
— Chaofan Shou (@shoucccc) September 16, 2024
Security firm Cyvers confirmed the exploits in a Telegram message to CoinDesk, stating tit detected “multiple suspicious transactions” involving Delta Prime and that it “seemed that admin has lost the private key.
“Affected pools so far are the #DPUSDC, #DPARB, #DPBTCb,” Cyvers said, referring to on-chain lockers holding USDC stablecoins, Arbitrum’s ARB and bitcoin {{BTC}}.
Messages sent by Delta Prime team members on its Discord channel viewed by CoinDesk said the team was investigating and working on the issue. They did not outright confirm or announce the exploit or reveal specific details as of European morning hours.
DeltaPrime’s PRIME tokens are down 6.5% in the past 24 hours, tracking a market-wide drop led by ether {{ETH}}.