Decentralized finance (DeFi) platform Delta Prime suffered a security breach on Monday, affecting users of the protocol. The attack drained $6 million from the project’s funds and is under investigation. Network investigators suspect it may be linked to North Korean hackers and be part of a larger scheme.
Hackers Drain $6 Million from DeFi Protocol
On Monday morning, cybersecurity platform Cyvers Alerts informed the community about an ongoing attack on DeFi lending protocol Delta Prime. The initial report revealed that the Cyvers system had detected multiple suspicious transactions involving the project on the Arbitrum chain.
The transactions suggested that the DeFi protocol team had lost control of a private key, with an initial $4.5 million drained from the DPUSDC, DPARB, and DPBTCb pools. The drain address immediately raised suspicion, as it exchanged the USDC for Ethereum (ETH).
In the following hour, Cyvers detailed that the attackers had apparently changed the proxy, pointing to a malicious address. Other reports explained that “this malicious contract could inflate the amount deposited by the hacker in all pools.”
Attackers drained another $1.48 million from the pools before the Delta Prime team regained control. Within two hours of the initial reports, the DeFi platform addressed the incident in a public post.
According to the post, DeltaPrime Blue on the Arbitrum network was attacked and drained of $5.98 million. The team confirmed that the attack occurred due to a compromised private key; how the key was compromised is still under investigation.
The Delta Prime team also assured users that DeltaPrime Red on Avalanche was safe from this attack, detailing that the “implementation here is covered only by multisigs and cold wallets (as it should be).”
Furthermore, the post claimed that the risk was already contained, assuring its community that the DeFi protocol’s insurance pool would cover potential losses:
The risk is contained, we are working on asset recovery and the insurance group will cover any potential losses whenever possible/necessary. In addition, we are looking for other ways to minimize user losses.
Are North Korean hackers responsible?
Despite the quick response, some users expressed concern about the incident. When asked about it, the team explained that there were no timelocks for DeltaPrime Blue:
This is exactly what timelocks are for. The change from this hot, non-timelocked owner to a cold timelocked owner should have been done in Arbitrum as it was in Avalanche (and like other early owners in Arbi)
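The distinction the team draws above, as an added illustration that is not DeltaPrime’s code: a toy Python model of an upgradeable proxy whose admin is a timelock that only queues upgrades and that a cold multisig can veto. With a bare hot key as admin, a single `Proxy.upgrade_to` call from the leaked key repoints the implementation at once; every name here (impl_v1, hot_key, cold_multisig, the 100-block delay) is constructed.

```python
class Proxy:
    """Minimal upgradeable proxy: only `admin` may repoint `implementation`."""
    def __init__(self, implementation, admin):
        self.implementation, self.admin = implementation, admin

    def upgrade_to(self, caller, new_implementation):
        if caller != self.admin:
            raise PermissionError(f"{caller} is not the proxy admin")
        self.implementation = new_implementation

class Timelock:
    """Timelocked admin: the hot `proposer` can only queue an upgrade, which waits
    `delay` blocks before it can execute; the cold `canceller` (multisig) can veto it."""
    ADDRESS = "timelock"

    def __init__(self, proxy, proposer, canceller, delay):
        self.proxy, self.proposer, self.canceller, self.delay = proxy, proposer, canceller, delay
        self.queue = {}  # new_implementation -> earliest block at which it may execute

    def schedule(self, caller, new_implementation, block):
        if caller != self.proposer:
            raise PermissionError("only the proposer may schedule")
        self.queue[new_implementation] = block + self.delay
        return self.queue[new_implementation]

    def cancel(self, caller, new_implementation):
        if caller != self.canceller:
            raise PermissionError("only the canceller may veto")
        self.queue.pop(new_implementation, None)

    def execute(self, new_implementation, block):
        eta = self.queue.get(new_implementation)
        if eta is None or block < eta:
            raise ValueError("not scheduled, cancelled, or timelock still active")
        del self.queue[new_implementation]
        self.proxy.upgrade_to(self.ADDRESS, new_implementation)

def timelocked_scenario():
    # Constructed: a leaked hot key can queue a malicious implementation, but the
    # queued upgrade is public for `delay` blocks and the cold multisig vetoes it.
    proxy = Proxy("impl_v1", admin=Timelock.ADDRESS)
    lock = Timelock(proxy, proposer="hot_key", canceller="cold_multisig", delay=100)
    lock.schedule("hot_key", "malicious_impl", block=1000)
    try:
        lock.execute("malicious_impl", block=1001)  # too early: reverts
    except ValueError:
        pass
    lock.cancel("cold_multisig", "malicious_impl")  # vetoed inside the window
    return proxy.implementation  # "impl_v1"
```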
One community member criticized the team for not having the same security measures in place on DeltaPrime Blue and Red, stating that there was no excuse for the mistake. Additionally, network detective ZachXBT suggested that the attack could be linked to a larger scale problem.
A month ago, Zach assisted another team in another crypto hack. The investigation revealed that over 25 projects within the space unknowingly hired multiple IT workers from North Korea using fake identities as developers.
Today, the crypto detective revealed that the DeFi protocol was among the teams he warned about North Korean IT workers in August. He also noted that the method used to exploit Delta Prime was similar to the hack he originally assisted.
At the time of writing, Delta Prime staff did not address the possible connection. However, they did state that they would be focusing on recovering the funds and that “the event is not over yet.”