
Over $6 million stolen in DeltaPrime breach; linked to private key leak


DeltaPrime, an online cryptocurrency trading platform, was hacked on Monday. The attackers used a compromised private key to steal nearly $6 million in crypto assets.

The attackers targeted DeltaPrime’s operations on the Arbitrum blockchain, leaving its Avalanche-based services untouched. Due to the nature of DeltaPrime’s borrowing and lending system on Arbitrum, users could not withdraw funds during the incident, compounding concerns.

Using address 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb, the hacker reportedly took control of DeltaPrime’s proxy administrator. Control of this role allowed the hacker to upgrade critical proxies, redirecting them to a malicious contract identified as 0xD4CA224a176A59ed1a346FA86C3e921e01659E73, according to security researcher Chaofan Shou.

“It seems that the admin has lost the private key. Suspicious address still draining the pools!,” security firm Cyvers tweeted. “Total estimated loss is around $4.5 million so far! however, suspicious address still draining the pools! Total loss might increase!”

Cyvers also highlighted that the affected pools included the DPUSDC, DPARB, and CPBTCb lockers, which hold stablecoins, Arbitrum tokens, and Bitcoin, respectively.

DeltaPrime confirmed the hack on X, stating, “At 6:14 AM CET, DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation.”

The company also assured customers that DeltaPrime (Avalanche) had not been affected, as it is protected by multi-sig and cold wallets. According to the company, the threat has been contained, and it is working on asset retrieval.

“The risk is contained, we’re working on asset-retrieval and the insurance pool will cover any potential losses where possible/necessary. Additionally, we’re looking into other ways to reduce user losses to a minimum,” continued DeltaPrime.

Recently, crypto researcher ZachXBT tweeted that DeltaPrime had hired IT workers from the Democratic People’s Republic of Korea (DPRK). After being warned, DeltaPrime removed them. It is still unclear who the attackers are, but there is a high probability that DPRK is involved.

A few months back, WazirX, India’s leading crypto exchange, was robbed of $230 million in one of the country’s biggest crypto heists.


Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
