Highlights:
- DeltaPrime lost $4.8 million in a second major breach after a $6 million hack.
- PeckShield alerted that the hacker compromised DeltaPrime’s protocol on Arbitrum and Avalanche.
- DeltaPrime’s native token, PRIME, dropped 2.4% following the hack and is now $1.28.
On November 11, DeltaPrime, a decentralized borrowing protocol supported by Avalanche and GSR Markets, faced a substantial security breach, resulting in a loss of approximately $4.8 million. This is the platform’s second major security incident this year, after a $6 million hack in September.
Advertisement
Blockchain analytics firm PeckShield was the first to raise the alarm, revealing that the exploiter had compromised the protocol on both the Avalanche and Arbitrum networks, targeting ARB and AVAX tokens. The attackers exploited the system by adding around $1.3 million in liquidity to the USDC Farm on LFJ (formerly Trader Joe) and Stargate. This move allowed them to manipulate the platform, enabling unauthorized fund transfers.
DeltaPrime @DeltaPrimeDefi has been exploited for ~$4.8M worth of crypto on both #ARB & #AVAX.
The exploiter has added liquidity (~$1.3M) to #LFJ (formerly Trader Joe) & farmed $USDC on #Stargate pic.twitter.com/IYKs6CujlA— PeckShield Inc. (@peckshield) November 11, 2024
In response, the DeltaPrime team announced on Nov. 11 that it had suspended the protocol on both the Arbitrum and Avalanche blockchains. The breach highlights the need for strong security measures and constant monitoring to protect digital assets from evolving cyber threats.
DeltaPrime was just exploited on Avalanche and Arbitrum for a total of (initial estimate) $4.75mm.
With the protocol being paused on both chains, the risk is contained. We will provide updates asap.
— DeltaPrime (@DeltaPrimeDefi) November 11, 2024
DeltaPrime Under Scrutiny as Investigations Continue; PRIME Token Drops 2.4%
Although no confirmed link has been found between this latest breach and any external actors, DeltaPrime’s security framework and staffing decisions are expected to remain under close scrutiny as investigations unfold. Following the hack, DeltaPrime’s native token, PRIME, dropped 2.4% and is now trading at $1.28, according to CoinGecko.
DeltaPrime launched on the Avalanche network in early 2023 and rapidly gained momentum in the DeFi space. It attracted over $63 million in total value locked (TVL) and unlocked more than $20 million in liquidity on its platform.
The project, supported by industry leaders like Avalanche, Uplift, GSR Capital, and Moonhill Capital, aims to create a secure ecosystem for DeFi enthusiasts. However, ongoing security concerns may erode investor confidence. Blockchain analysts have raised questions about potential links to past operational issues.
DeltaPrime Suffers $6 Million Hack in September
DeltaPrime was hacked for at least $6 million, likely due to a leaked admin private key. On Sept. 16, Cyvers reported an initial loss of $4.5 million. However, Chaofan Shou from Fuzzland later reported that further malicious transactions pushed the stolen amount to nearly $6 million. Cyvers confirmed that the hack targeted the protocol’s Arbitrum version. They also noted that the hacker had converted the stolen USD Coin (USDC) into Ethereum (ETH).
🚨ALERT🚨@DeltaPrimeDefi has faced a security incident on their admin keys.
Attacker had control on the private key of 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb
then he upgraded the proxy!So far $5.93M has been drained!
Want to keep your company off our alerts radar? Learn… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 16, 2024
Blockchain investigator ZachXBT recently revealed that DeltaPrime had hired individuals with alleged links to North Korea. However, these personnel were reportedly dismissed after the connections were discovered.
Idk if related but they were one of the teams with the DPRK IT workers I reached out to warn (was told they were all removed) https://t.co/cJ85VwZbbh
— ZachXBT (@zachxbt) September 16, 2024
Crypto Hacks Surge in 2024
Crypto hackers stole more than $753 million in 155 incidents during Q3 2024, reflecting a 9.5% increase in stolen value. So far in 2024, nearly $2 billion has been stolen, putting this year on track to surpass 2023.
📢 Get Ready for the CertiK Hack3D Q3 2024 Report!
We're launching the quarterly Hack3D Report for Q3 2024 tomorrow, October 2, 2024, at 10 AM ET. Stay tuned for detailed incident analyses, insights, and the latest stats on Web3 security. 🚨
Check out our preview and get… pic.twitter.com/CzR7iUlfGp
— CertiK (@CertiK) October 1, 2024
The first quarter alone saw $542.7 million in stolen funds, a 42% rise compared to 2023. In May, a trader lost millions in crypto in the year’s most high-profile phishing attack. The attacker persuaded the trader to transfer 99% of their funds to their address.
Advertisement
