
Delta Prime Hack: $6M Drained Following Admin Key Exploit, Potential Lazarus Link?

Published September 16, 2024 8:50 AM
By Prashant Jha
Verified by Insha Zia

Key Takeaways

  • The DeFi lending protocol Delta Prime is under attack.
  • Hackers had drained $6 million at the time of writing.
  • ZachXBT claimed the hack has links to North Korea.

An alleged exploit of a high-risk vulnerability has brought DeFi protocol Delta Prime to its knees, with hackers making off with $6 million in crypto from the major crypto lending platform.

Delta Prime Admin Key Compromised 

Hackers allegedly gained access to the platform’s systems after compromising admin key 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb.

After gaining access, the attackers upgraded key proxy contracts to point to a malicious address, 0xD4CA224a176A59ed1a346FA86C3e921e01659E73.

This malicious upgrade allowed the hacker to take control of funds in several pools, including DPUSDC, DPARB, and DPBTCb, all operating on the Arbitrum chain.
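
One way a defender could detect the kind of proxy upgrade described above, as an added example that is not from the article or from Delta Prime: it scans event logs for `Upgraded(address)` events on watched proxies and flags any new implementation outside an allowlist. It assumes the proxies emit the EIP-1967 `Upgraded` event (the article does not name the proxy pattern); the proxy address, approved implementation and transaction hashes are constructed placeholders, and only the reported implementation address comes from the article.

```python
# Added example: alert on proxy upgrades to implementations outside an allowlist.
# Assumption: EIP-1967-style proxies emitting Upgraded(address indexed implementation).
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def strip0x(value):
    value = value.lower()
    return value[2:] if value.startswith("0x") else value

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; return it as 0x + 40 hex."""
    raw = strip0x(topic)
    if len(raw) != 64 or set(raw[:24]) != {"0"}:
        raise ValueError(f"not a padded address topic: {topic}")
    return "0x" + raw[24:]

def address_to_topic(addr):
    """Inverse of topic_to_address, used here only to build the sample logs."""
    return "0x" + strip0x(addr).rjust(64, "0")

def unapproved_upgrades(logs, watched_proxies, approved_impls):
    """One alert per Upgraded event on a watched proxy whose new implementation
    is not in the approved set. Logs use the eth_getLogs field names."""
    watched = {a.lower() for a in watched_proxies}
    approved = {a.lower() for a in approved_impls}
    alerts = []
    for log in logs:
        topics = log.get("topics", [])
        if len(topics) < 2 or topics[0].lower() != UPGRADED_TOPIC:
            continue  # some other event
        proxy = log["address"].lower()
        if proxy not in watched:
            continue
        impl = topic_to_address(topics[1])
        if impl not in approved:
            alerts.append({"proxy": proxy, "implementation": impl,
                           "tx": log.get("transactionHash")})
    return alerts

# Constructed placeholders, except REPORTED_IMPL, which is the address in the article.
POOL_PROXY = "0x" + "a1" * 20
REVIEWED_IMPL = "0x" + "b2" * 20
REPORTED_IMPL = "0xD4CA224a176A59ed1a346FA86C3e921e01659E73"
SAMPLE_LOGS = [
    {"address": POOL_PROXY, "transactionHash": "0x01", "topics": [UPGRADED_TOPIC, address_to_topic(REVIEWED_IMPL)]},
    {"address": POOL_PROXY, "transactionHash": "0x02", "topics": ["0x" + "cd" * 32, address_to_topic(REPORTED_IMPL)]},
    {"address": POOL_PROXY, "transactionHash": "0x03", "topics": [UPGRADED_TOPIC, address_to_topic(REPORTED_IMPL)]},
]

if __name__ == "__main__":
    for alert in unapproved_upgrades(SAMPLE_LOGS, {POOL_PROXY}, {REVIEWED_IMPL}):
        print("ALERT unapproved implementation:", alert)
```
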


The attacker then exploited the vulnerability to artificially inflate deposited amounts, ultimately draining approximately $6 million in various crypto assets.

The hacker began to launder the stolen funds in the aftermath by swapping USDC for ETH. The next destination for the stolen ETH is likely Tornado Cash, a notorious crypto-mixing tool designed to conceal on-chain movements.

ZachXBT Points to Potential Lazarus Link

On-chain sleuth ZachXBT hinted at the possibility of a link between the hacker and the notorious Lazarus Group, a cybercrime syndicate linked to the North Korean government.

According to ZachXBT, the attacker’s modus operandi bears striking similarities to that of Lazarus’ hackers, who often infiltrate crypto companies through social engineering techniques.

Lazarus members often assume fake identities to secure jobs as developers or IT personnel, only to exploit their positions of trust to insert malicious code and pilfer sensitive data.

ZachXBT noted that he had flagged the issue to the community in August and was assured that these workers had all been removed from the different protocol developer teams.

However, the Delta Prime hack raises pressing questions about the effectiveness of these measures and the continued presence of rogue actors in the crypto ecosystem. 

This is a developing story…
