DeltaPrime, a decentralized finance protocol, suffered a significant exploit this Monday, with $4.75 million in tokens reportedly stolen from multiple pools on Arbitrum and Avalanche.
DeltaPrime was just exploited on Avalanche and Arbitrum for a total of (initial estimate) $4.75mm. With the protocol being paused on both chains, the risk is contained. We will provide updates asap.
The attack, confirmed by blockchain analysts, highlights ongoing vulnerabilities in DeFi platforms and has reignited scrutiny around DeltaPrime’s security measures, especially following a previous $6 million breach in September.
The Nov. 11 breach reportedly stemmed from a flaw in DeltaPrime’s periphery adaptor contract. CertiK, a prominent blockchain analytics firm, tracked the stolen assets to an address, 0x56…634c, where the funds remain as of this report.
#CertiKInsight 🚨 Multiple @DeltaPrimeDefi pools on Arbitrum were drained, likely due to vulnerability in the periphery adaptor contract, resulting a loss of about $750K. The majority of the stolen fund is at 0x56e7f67211683857ee31a1220827cac5cdaa634c Stay Vigilant!
Following confirmation from DeltaPrime, security experts began exploring the protocol’s vulnerabilities and questioning the adequacy of its recent security updates.
This incident marks the second significant hack DeltaPrime has experienced in two months, a troubling pattern for investors and contributors alike.
Previous attacks raise questions over protocol security
DeltaPrime, which launched on the Avalanche network in January 2023, was previously targeted in September, resulting in a $6 million loss.
That attack exploited weak private key security, allowing hackers to gain control of an empty vulnerable pool within the protocol.
Since then, security concerns have continued to follow DeltaPrime, especially as decentralized platforms increasingly find themselves vulnerable to sophisticated cyber threats.
The previous breach led some to speculate on DeltaPrime’s security protocols, as blockchain sleuth ZachXBT revealed that the company had briefly employed North Korean IT personnel.
Although all flagged employees have since been removed from DeltaPrime’s operations, the coincidence has raised questions about any potential links to organized cyber-crime entities in North Korea.
There remains no direct evidence connecting the recent attack to this particular workforce.
CertiK flags stolen funds as probe deepens
Blockchain analysts have raised concerns regarding DeltaPrime’s approach to managing high-value digital assets, especially given the platform’s earlier security breaches.
CertiK analysts tracked the $4.75 million in stolen tokens, which remain static in the Ethereum address 0x56…634c.
CertiK’s data suggests that DeltaPrime’s periphery adaptor contract, intended to interact with external pools on Arbitrum and Avalanche, contained critical vulnerabilities that the hackers exploited, underscoring the importance of rigorous security audits for emerging DeFi protocols.
CertiK and other analysts are urging DeltaPrime to overhaul its security protocols and conduct comprehensive audits to restore investor confidence.
Some security firms have advocated for decentralized platforms to adopt multi-layered security solutions, especially those managing significant liquidity pools, as investor scrutiny on DeFi security heightens.
DeltaPrime’s background
Since its inception, DeltaPrime has experienced rapid growth, attracting over $63 million in total value locked (TVL) and providing $20 million in liquidity within its first year.
The protocol, backed by prominent blockchain players like Avalanche, GSR Markets, Moonhill Capital, and Uplift, initially launched with high expectations for transforming decentralized finance.
However, with two major attacks within months, DeltaPrime’s security practices are under considerable pressure.
The DeltaPrime breach is likely to intensify calls for tighter security protocols in DeFi, especially as the sector grapples with increasingly complex cyber threats. The recent attack highlights a common challenge for DeFi protocols—balancing rapid growth and decentralization with robust security and oversight.
While the protocol has yet to disclose any recovery efforts or recompensation plans, analysts speculate that DeltaPrime will need to take substantial measures to regain user trust, including third-party audits and enhanced contract security layers.
DeFi security under the spotlight
DeltaPrime’s recent exploit serves as a stark reminder of the risks associated with DeFi platforms, which operate with minimal central oversight.
For investors and users, these incidents underscore the importance of understanding the security measures of any DeFi platform.
While decentralization offers greater autonomy, it also presents unique security challenges that platforms like DeltaPrime are continually learning to navigate.
As decentralized finance continues to evolve, robust security protocols will be paramount to ensuring the sector’s long-term viability.
The post DeltaPrime loses $4.75 million in second hack within two months appeared first on Invezz