Over $6 million in various tokens from wallets belonging to on-chain DeFi platform, DeltaPrime were drained earlier today (Monday 16 September) after an apparent private key leak – and now cyber sleuth has stirred the pot alleging North Korea Lazarus Group involvement.
The DeltaPrime hack only affects the Arbitrum side of the platform. Web3 security experts on X have said that the exploit involved a hacker gaining control over an admin proxy, redirecting it to a malicious contract, and allowing the bad actors to drain over $6 million from DeltaPrime wallets.
DeltaPrime Hack First Picked Up On Social Media By Web3 Security Expert
Delta Prime @DeltaPrimeDefi admin private key leaked. All pools are drained. $7M loss already. Withdraw ASAP!https://t.co/uNn5nZoHp3 pic.twitter.com/se3RebRjpX
— Chaofan Shou (@shoucccc) September 16, 2024
It was first picked up by an X user named ‘Chaofan Shou‘. Shou is the co-founder of Web3 Security Analyst firm, Fuzzland. He posted earlier today, warning that DeltaPrime’s admin private keys were leaked, telling users to withdraw funds immediately. Initially, Shou claimed that $7 million had been drained before clarifying that it was actually $4 million. His last update showed that over $6 million had been stolen.
Chaofan posted details on the hack, saying a hacker had gained control of 0xx40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb, the admin of proxies. Then, the hacker upgraded the proxies to point to malicious contract 0xD4CA224a176A59ed1a346FA86C3e921e01659E73.
Notable Crypto Scam Investigator ZachXBT Claims That The DeltaPrime Hack May Have Links To North Korea
ZachXBT has recently published a huge expose on North Korea’s Lazarus group. Lazarus is a hacker group made up of an unknown number of individuals. It is alleged to be run by the government of North Korea. While little is known about the Lazarus Group, researchers have attributed many cyberattacks to them since 2010.
In his expose from August 15, Zach said that he had reached out to 25+ Web3 projects that had unknowingly hired malicious IT workers with links to North Korea. In relation to the DeltaPrime hack, Zach commented on Chaofan Shou’s post, saying Idk (I don’t know) if it related, but they were one of the teams with the DPRK IT workers I reached out to warn (I was told they were all removed).
DeltaPrime Acknowledged The Hack, Saying The Risk Is Contained And Is ‘Focused On Asset Retrieval’
DeltaPrime Blue exploited, this is the current status:
At 6:14 AM CET DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation.
DeltaPrime Red (Avalanche) is not vulnerable…
— DeltaPrime (@DeltaPrimeDefi) September 16, 2024
Over an hour ago, DeltaPrime posted to its X account, acknowledging the exploit. In the post, the team confirmed that only the Arbitrum arm is affected and that the Avalanche side of the platform ‘is not vulnerable.’
There have been no further updates from the team since that post at 9:55 a.m. BST. As per CoinGecko data, PRIME, the native token for the DeltaPrime platform, has reacted negatively to the news. It is down 6% in the past 24 hours. However, PRIME looks to be holding steady at around $0.997 following the team’s announcement that the risk is contained.
Disclaimer: Crypto is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. You could lose all of your capital.
Why you can trust 99Bitcoins
Established in 2013, 99Bitcoin’s team members have been crypto experts since Bitcoin’s Early days.
Weekly Research
100k+Monthly readers
Expert contributors
2000+Crypto Projects Reviewed
