- Over $6 million in tokens have been stolen from DeltaPrime wallets due to a suspected private key leak
- The attack has impacted only DeltaPrime’s Arbitrum-based version, rendering users unable to withdraw funds on that network
- Security firms and DeltaPrime have acknowledged the breach, but full details are still under investigation
More than $6 million in various tokens have been stolen from DeltaPrime, an on-chain brokerage, after a suspected leak of private keys early Monday. The breach, which occurred on the Arbitrum blockchain, left users unable to withdraw funds due to how borrowing and lending mechanisms work on the platform. Security experts and DeltaPrime have confirmed the hack but are still investigating the full extent of the exploit.
Proxy Wallet Compromised
The hacker reportedly gained control of an administrative proxy wallet, which enabled them to upgrade the system’s contracts to point to a malicious one. Proxies, crucial to smart contract applications, act as intermediaries, so when compromised, they can expose entire protocols to attacks.
Chaofan Shou, founder of Fuzzland, revealed on X that “A hacker gained control of admin wallet 0xx40e4ff9e and pointed it to a malicious contract”:
Delta Prime @DeltaPrimeDefi admin private key leaked. All pools are drained. $7M loss already. Withdraw ASAP!https://t.co/uNn5nZoHp3 pic.twitter.com/se3RebRjpX
— Chaofan Shou (@shoucccc) September 16, 2024
Security firm Cyvers confirmed the incident in a Telegram message, explaining that it had detected multiple suspicious transactions involving DeltaPrime’s funds. “It seems that the admin has lost the private key,” Cyvers reported. Among the affected pools are those holding USDC stablecoins, Arbitrum’s ARB token, and bitcoin (BTC).
DeltaPrime Keeps Cards Close to Its Chest
DeltaPrime’s team has responded cautiously, acknowledging the incident on their Discord channel and on X but stopping short of confirming the details:
DeltaPrime Blue exploited, this is the current status:
At 6:14 AM CET DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation.
DeltaPrime Red (Avalanche) is not vulnerable…
— DeltaPrime (@DeltaPrimeDefi) September 16, 2024
Meanwhile, DeltaPrime’s PRIME token has seen a 10% drop since the incident, although this is in line with the entire market, which has experienced a correction at the same time.