Subscribe for notification
Crypto

Delta Prime Hacker Siphons $6 Million

A hacker created many deposit receipt tokens on the decentralized finance (DeFi) Delta Prime system, which allowed them to siphon off nearly $6 million.

Only $2.4 million of the nearly 115 duovigintillion USDC deposit receipts the exploiter generated were redeemed.

In the first attack, the attacker created more than 115 duovigintillion Delta Prime USD (DPUSDC) tokens, or more than 1.1*10^69 in scientific notation, according to statistics from block explorer Arbiscan.

A deposit receipt for USDC$1.00 stablecoin held at Delta Prime is denoted by the symbol DPUSDC. It is meant to be redeemed for USDC in a 1:1 ratio.

The attacker only burnt 2.4 million of the USDC deposit receipts they had created, earning $2.4 million in USDC stablecoin.

Attacker minting a very large number of DPUSDC tokens and redeeming some of them. Source: Arbiscan.

After minting over one duovgintillion Delta Prime Wrapped Bitcoin (DPBTCb), 115 octodecillion Delta Prime Wrapped Ether (DPWETH), 115 octodecillion Delta Prime Arbitrum (DPARB), and numerous other deposit receipt tokens, the attacker repeated these steps for other deposit receipt tokens. Ultimately, the attacker redeemed a small portion of the minted amount to obtain over $1 million in Bitcoin BTC$57,762, Ether ETH$2,284, Arbitrum (ARB), and other tokens.

Blockchain security expert Chaofan Shou estimates that the attacker has already taken almost $6 million.

Source: Chaofan Shu.

The attacker most likely obtained control of an admin account ending in b1afb by obtaining the developer’s private key, which allowed them to mint these deposit receipt tokens. Using this account, they called an “upgrade” function on every liquidity pool contract in the protocol.

The purpose of these features is to facilitate software upgrades. Setting the proxy point to a new implementation address enables the developer to modify the code within a contract.

However, the attacker pointed each proxy to a fraudulent contract they had written using these functions. The attacker could empty each money pool by minting many deposit receipts through each fraudulent contract.

Delta Prime attacker upgrading contracts. Source: Arbiscan.

In an X post, Delta Prime confirmed the incident: “At 6:14 AM CET, DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98 million.”

It asserted that DeltaPrime Blue, the Avalanche version, is impervious to the assault. Additionally, it said that “where possible/necessary,” the protocol’s insurance “will cover any potential losses.”

The Delta Prime assault demonstrates the danger of employing upgradeable contracts in DeFi protocols.

The Web3 ecosystem is meant to stop whole protocols from being exploited by private vital attacks.

In theory, all it would take for an attacker to deplete the protocol is for them to have the private keys of each user. Upgradable contracts, however, bring a centralization risk that could result in the loss of funds for the whole user base.

However, some protocols think that giving up the option to upgrade would be worse than the alternative because it might make it harder for a developer to address flaws discovered after distribution. The question of whether protocols should support updates or not is still being debated by Web3 developers.

Smart contract exploits still put Web3 users at risk. On September 11, an attacker used a code pointing to an unconfirmed function on a different contract to siphon almost $1.4 million from a CUT token liquidity pool.

The Penpie protocol saw the theft of approximately $27 million on September 3, when the attacker was able to register their malicious contract as a token market.

Ruth Okarter

Ruth is a seasoned news reporter and editor who brings her sharp eye and passion for storytelling to Protechbro.com. With a background in English and literary studies, Ruth crafts compelling narratives that unpack the complexities of the ever-evolving tech landscape.

Disqus Comments Loading...

Recent Posts

Crypto Companies Could See More US Listings if Trump Wins

According to a research report from HTX Ventures, the trend of crypto companies departing the United States could be halted,…

11 hours ago

Metaplanet Joins Global Equity Index

Metaplanet Inc., a Japanese investment firm, has been admitted to the CoinShares Blockchain Global Equity Index (BLOCK Index). Prominent publicly…

11 hours ago

Major South Korean Banks Join CBDC Pilot

The central bank's CBDC pilot, which is rapidly expanding, has attracted the participation of numerous prominent South Korean banks and…

11 hours ago

BTC Plummets, Mt.Gox Sends $2.2B in Bitcoin to 2 Wallet

After first going to a Mt.Gox cold wallet, most of that stash—nearly 30,400 bitcoin BTC—was sent to "1FG2C…Rveoy," and 2,000…

15 hours ago

Firms Unveil Global Dollar Stablecoin Network

Major banking firms launched the Global Dollar Network, a regulated platform designed to accelerate stablecoin adoption worldwide. Crypto and traditional…

15 hours ago

Sky Co-Founder Proposes No New Token Emissions

Rune Christensen, co-founder of Sky (formerly MakerDAO), proposes a strictly deflationary model to stop token emissions, in line with MakerDAO’s…

1 day ago