DeltaPrime, a decentralized finance (DeFi) platform, suffered a significant security breach resulting in a loss of over $5.9 million. The attack, which occurred during the European morning hours, targeted the Arbitrum part of the protocol. The hacker took control of an admin wallet with a compromised private key, then used an updated proxy to redirect funds through a malicious transaction and withdraw them. By the time the hack was reported, approximately $4.5 million had already been exchanged for ETH.
Cyvers Alerts, a blockchain security platform, first raised the alarm about the breach, highlighting that the hacker had hijacked the admin wallet and was continuing to withdraw funds. Over $5.93 million was ultimately stolen, with the hacker manipulating the transaction route through a malicious contract, inflating the amounts deposited across pools. This enabled the hacker to siphon significant funds without being immediately detected. The loss was initially estimated at $6 million, which further increased the severity of the attack on DeltaPrime’s operations.
This breach follows a similar incident in July 2024, where a previous hack resulted in a $1 million loss across 13 different accounts. Although DeltaPrime managed to recover a substantial portion of those funds, around $900,000, they still used $100,000 from their stability pool to compensate the affected users. The repeated nature of these attacks has raised concerns over the security protocols of DeFi platforms and the vulnerability to sophisticated hacking techniques.
ZachXBT, a well-known cryptocurrency investigator, has linked the recent DeltaPrime attack to the North Korean Lazarus Group, a notorious cybercriminal organization. He pointed out that the hacker’s strategy mirrored the methods used by the Lazarus Group in previous DeFi-related attacks. These tactics included transferring stolen assets across blockchain networks and laundering large sums through privacy services such as Tornado Cash, making it difficult to trace the origin of the funds. This connection to Lazarus has sparked renewed concerns about the increasing targeting of the DeFi sector by state-sponsored threat actors.