Key Takeaways
An alleged exploit of a high-risk vulnerability has brought DeFi protocol Delta Prime to its knees, with hackers making off with $6 million in crypto from the major crypto lending platform.
Hackers allegedly gained access to the platform’s systems after compromising the admin key 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb.
After gaining access, the attackers upgraded key proxy contracts to point to a malicious address, 0xD4CA224a176A59ed1a346FA86C3e921e01659E73.
This malicious upgrade allowed the hacker to take control of funds in several pools, including DPUSDC, DPARB, and DPBTCb, all operating on the Arbitrum chain.
The attacker then exploited the vulnerability to artificially inflate deposited amounts, ultimately draining approximately $6 million in various crypto assets.
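The proxy-upgrade step above is the one a defender can watch for directly. As an added illustration (this is not code from the article or from Delta Prime), the Python below scans EIP-1967 `Upgraded(address)` events emitted by a set of monitored proxies and flags any new implementation that is not on a reviewed allowlist; the proxy and reviewed-implementation addresses are constructed placeholders, and the flagged implementation is the address the article names.

```python
from dataclasses import dataclass

# keccak256("Upgraded(address)"): the EIP-1967 upgrade event signature (topic0).
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

@dataclass(frozen=True)
class Log:
    address: str   # contract that emitted the event (the proxy)
    topics: tuple  # topic0 = event signature, topic1 = indexed new implementation
    block: int

def topic_to_address(topic: str) -> str:
    """An indexed address is left-padded to 32 bytes; the low 20 bytes are the address."""
    return "0x" + topic[-40:].lower()

def pad_topic(address: str) -> str:
    """Inverse of topic_to_address: encode an address as a 32-byte indexed topic."""
    return "0x" + address[2:].lower().rjust(64, "0")

def flag_unapproved_upgrades(logs, monitored_proxies, approved_impls):
    """Return (proxy, new_implementation, block) for each Upgraded event emitted by a
    monitored proxy whose new implementation is not on the reviewed/approved list."""
    monitored = {a.lower() for a in monitored_proxies}
    approved = {a.lower() for a in approved_impls}
    alerts = []
    for log in logs:
        if log.address.lower() not in monitored:
            continue
        if len(log.topics) < 2 or log.topics[0].lower() != UPGRADED_TOPIC:
            continue  # not an Upgraded event, or malformed (it has one indexed arg)
        new_impl = topic_to_address(log.topics[1])
        if new_impl not in approved:
            alerts.append((log.address.lower(), new_impl, log.block))
    return alerts

# Constructed sample data: proxy and reviewed-implementation addresses are placeholders;
# the flagged implementation is the address the article names.
PROXY_DPUSDC = "0x" + "11" * 20
PROXY_DPARB = "0x" + "22" * 20
REVIEWED_IMPL = "0x" + "aa" * 20
MALICIOUS_IMPL = "0xD4CA224a176A59ed1a346FA86C3e921e01659E73"
OTHER_TOPIC = "0x" + "ee" * 32  # stand-in for an unrelated event signature
SAMPLE_LOGS = [
    Log(PROXY_DPUSDC, (UPGRADED_TOPIC, pad_topic(REVIEWED_IMPL)), 1),        # reviewed upgrade
    Log(PROXY_DPARB, (OTHER_TOPIC, pad_topic(REVIEWED_IMPL)), 2),            # not an upgrade
    Log("0x" + "33" * 20, (UPGRADED_TOPIC, pad_topic(MALICIOUS_IMPL)), 2),  # unmonitored contract
    Log(PROXY_DPUSDC, (UPGRADED_TOPIC, pad_topic(MALICIOUS_IMPL)), 3),       # should alert
]
ALERTS = flag_unapproved_upgrades(SAMPLE_LOGS, [PROXY_DPUSDC, PROXY_DPARB], [REVIEWED_IMPL])
```

In practice the allowlist would only contain implementations that cleared review and a timelock, so a direct upgrade to anything else by the admin key is itself the signal.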
In the aftermath, the hacker began laundering the stolen funds by swapping USDC for ETH. The next destination for the stolen ETH is likely Tornado Cash, a notorious crypto-mixing tool designed to conceal on-chain movements.
On-chain sleuth ZachXBT hinted at the possibility of a link between the hacker and the notorious Lazarus Group, a cybercrime syndicate linked to the North Korean government.
According to ZachXBT, the attacker’s modus operandi bears striking similarities to that of Lazarus’ hackers, who often infiltrate crypto companies through social engineering techniques.
Lazarus members often assume fake identities to secure jobs as developers or IT personnel, only to exploit their positions of trust to insert malicious code and pilfer sensitive data.
ZachXBT noted that he had flagged the issue to the community in August and was assured that the suspected workers had all been removed from the developer teams of the protocols concerned.
However, the Delta Prime hack raises pressing questions about the effectiveness of these measures and the continued presence of rogue actors in the crypto ecosystem.
This is a developing story…