DeltaPrime was hacked for $4.8 million, making it a two-time target this year.
DeltaPrime, a DeFi liquidity protocol, was hacked on November 11 for $4.8 million, increasing the massive amounts of crypto lost to cybercriminals this year. 2024’s cybercrime-related crypto losses have surpassed the amounts recorded in 2023.
The attacker managed to drain Arbitrum (ARB) and Avalanche (AVAX) tokens. Blockchain security firm PeckSheild gave some information about the hack on its account on social media platform X.
“The exploit is made possible due to the lack of input validation in claiming possible rewards,” adding, “Specifically, the exploiter provides an evil pair in order to change the collateral asset into reward asset.” It explained that, by indulging in this process, the attacker was able to retrieve their collateral while leaving their loan unpaid. “We also notice the exploiter has added liquidity (~$1.3M) to #LFJ (formerly Trader Joe) & farmed $USDC on #Stargate.”
DeltaPrime acknowledged the attack on its X account. “DeltaPrime was just exploited on Avalanche and Arbitrum for a total of (initial estimate) $4.75mm.” It added, “With the protocol being paused on both chains, the risk is contained. We will provide updates asap.”
A Hacker Looted $6 Million From DeltaPrime in September
This marks DeltaPrime’s second hack in under two months, which can be seen as nothing but unfortunate. The successful attacks only show how relentless cybercriminals in this space have become, stopping at nothing to exploit DeFi protocols and centralized exchanges (CEXs) at every turn.
In September, the DeFi liquidity protocol’s dApp on the Arbitrum network was exploited for $6 million. The hacker gained access to a private key that unlocked an admin wallet. With that, the bad actor was able to control the protocol’s contracts and direct funds to their wallet. Nevertheless, DeltaPrime assured its users that its insurance pool would cover all losses. Whether that remains the case this time around is to be seen.
Hacks like this are lining up this quarter, and we will know their true extent by the end of December, but last quarter was a massive setback for users, protocols, and centralized platforms. A Hacken report mentioned 28 attacks that led to $463.6 million in losses in Q3 2024. Nevertheless, it mentioned a trend of reducing losses over this year’s quarters, showing platforms are beefing up their security. That may be something DelaPrime should focus on to prevent similar situations from occurring again.
