- $6 million exploit at DeltaPrime
- Admin key compromise allowed the attack
- Possible links to North Korean IT developers
Decentralized finance (DeFi) protocol DeltaPrime has been the target of a $16 million exploit, blockchain security firm Cyvers reported in September. The breach was caused by a compromised administrator key, which allowed the attacker to manipulate the system to their advantage.
Meir Dolev, CTO of Cyvers, detailed the process used by the attacker, stating: “[T]he hacker took control of the wallet that is the administrator of Delta Prime’s proxy contracts, and later updated those contracts to point to his malicious contract, which allowed the hacker to drain Delta Prime’s pools on the Arbitrum chain.” The attacker was also observed beginning to swap part of the stolen assets for Ethereum.
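One way to detect the proxy repointing Dolev describes, as an added example that is not code from Cyvers, DeltaPrime or the article: scan contract logs for implementation upgrades that are not on a reviewed allowlist. It assumes the proxies emit the standard ERC-1967 `Upgraded(address)` event; the allowlist, addresses, transaction hashes and log entries are constructed placeholders.

```python
from collections import defaultdict

# keccak256("Upgraded(address)"): emitted by ERC-1967 proxies when the implementation changes
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def find_unapproved_upgrades(logs, approved):
    """Flag Upgraded events whose new implementation is not allowlisted for that proxy.

    logs: dicts shaped like eth_getLogs results.
    approved: {proxy address: set of reviewed implementation addresses}, all lowercase.
    """
    alerts = []
    proxies_per_impl = defaultdict(set)
    for log in logs:
        topics = log.get("topics", [])
        if len(topics) < 2 or topics[0].lower() != UPGRADED_TOPIC:
            continue  # not an upgrade event, or malformed (no indexed address)
        proxy = log["address"].lower()
        impl = "0x" + topics[1].lower()[-40:]  # address is the low 20 bytes of the topic
        if impl in approved.get(proxy, set()):
            continue  # planned upgrade to a reviewed implementation
        proxies_per_impl[impl].add(proxy)
        alerts.append({"proxy": proxy, "implementation": impl,
                       "block": int(log["blockNumber"], 16),
                       "tx": log["transactionHash"]})
    # Several proxies repointed to one unknown contract matches the pattern described above.
    for alert in alerts:
        alert["mass_repoint"] = len(proxies_per_impl[alert["implementation"]]) > 1
    return alerts

# Constructed sample data: every address and transaction hash below is a placeholder.
def pad_topic(addr):
    return "0x" + "0" * 24 + addr[2:]

POOL_A, POOL_B = "0x" + "a1" * 20, "0x" + "b2" * 20
REVIEWED_IMPL, UNKNOWN_IMPL = "0x" + "c3" * 20, "0x" + "d4" * 20
APPROVED = {POOL_A: {REVIEWED_IMPL}, POOL_B: {REVIEWED_IMPL}}
SAMPLE_LOGS = [
    {"address": POOL_A, "topics": [UPGRADED_TOPIC, pad_topic(REVIEWED_IMPL)], "blockNumber": "0x64", "transactionHash": "0x01"},
    {"address": POOL_A, "topics": [UPGRADED_TOPIC, pad_topic(UNKNOWN_IMPL)], "blockNumber": "0x6e", "transactionHash": "0x02"},
    {"address": POOL_B, "topics": [UPGRADED_TOPIC, pad_topic(UNKNOWN_IMPL)], "blockNumber": "0x6e", "transactionHash": "0x03"},
]
```

Run against the sample logs, the reviewed upgrade passes silently and the two upgrades to the unknown implementation are returned with `mass_repoint` set.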
The DeltaPrime team has not yet publicly commented on the incident, leaving the community on high alert. This latest breach follows a previous incident two months ago, in which DeltaPrime had already lost $1 million due to another hack. In that earlier attack, the attacker exploited a misconfiguration to take control of thirteen different Prime Accounts, liquidating loans and withdrawing collateral.
Following the July incident, DeltaPrime said it had reviewed and fixed the vulnerable code, and refunded affected users nearly all of the money they had lost.
DeltaPrime’s situation is further complicated by allegations of ties to North Korea. ZachXBT, an investigator of malicious cyber activity, noted that the platform may have employed IT developers from the sanctioned country. “I warned the DeFi platform about hiring developers from the sanctioned country earlier this year,” ZachXBT said. DeltaPrime, for its part, said it had terminated the identified employees, but the connection between the hacks and North Korea remains unclear.
Attacks carried out by North Korean actors are nothing new. They frequently infiltrate crypto companies to extract information and carry out targeted attacks, as evidenced by previous exploits on other major platforms.














