DeltaPrime, a decentralized lending and borrowing platform, has been compromised in a major cyber attack. At press time, the hack has resulted in a loss of $6 million and could lead to more losses. The blockchain security protocol Cyvers reported details regarding the nature of the exploit via X (formerly Twitter).
DeltaPrime Gets Hacked
DeltaPrime became a multi-chain protocol in September 2023 when it expanded its reach to the Arbitrum network. Current findings concerning the hack show that the exploit was perpetrated only in this chain. Funds in the Avalanche blockchain remain unaffected, with no reported vulnerabilities or incidents, providing relief for users who invested in that network.
Cyvers initially reported that the decentralized protocol hack was estimated at $4.5 million. However, a subsequent wave of malicious transactions escalated the total stolen amount to nearly $6 million. Highlighting how the hack was executed, the security protocol’s tweet wrote: the “attacker had control on the private key…then he upgraded the proxy.”
The hacker took control of DeltaPrime’s admin wallet and manipulated the contracts to steal $5.98 million from the platform’s pools on Arbitrum. They did this by redirecting the contracts to a malicious one, allowing them to drain the funds. This method of exploit is known as contract hijacking.
DeltaPrime Confirms Hack
The protocol’s silence after the Cyver updates left users in fear, uncertainty, and doubt. DeltaPrime took to X a few hours later to confirm the hack reports. The project’s team acknowledged the exploit, adding that investigators are trying to determine how this happened. It confirmed that the Avalanche version has more robust security and wasn’t affected.
DeltaPrime announced that the risk from the recent hack has been contained. It noted that the team is now focused on retrieving stolen assets and utilizing the insurance pool to cover potential losses. They claim to explore other additional measures to minimize user losses and will keep users informed of future updates via Discord and X.
Notably, recent hacks involving Asian platforms WazirX and Indodax have yet to be resolved. Over $255 million was lost in both hacks.
