On November 11, DeltaPrime, a DeFi liquidity protocol, confirmed a hack in which approximately $4.75 million worth of Arbitrum (ARB) and Avalanche (AVAX) tokens were stolen. The protocol recommended that users revoke permissions for active smart contracts to prevent further losses.
According to analysts at PeckShield, the incident occurred due to insufficient input validation during reward claiming. The attacker exploited a vulnerability to swap the collateral asset for the reward, thus stealing the original loan collateral while leaving the debt unpaid.
Today's @DeltaPrimeDefi exploit leads to $4.8m loss. Since affected pools are now paused, we share our initial analysis below.
The exploit is made possible due to the lack of input validation in claiming possible rewards. Specifically, the exploiter provides an evil pair in… https://t.co/PH0yk9G3kP
— PeckShield Inc. (@peckshield) November 11, 2024
Additionally, the hacker added liquidity worth about $1.3 million to the LFJ platform (formerly Trader Joe) and, via the cross-chain bridge Stargate, received around $600,000 in USDC.
DeltaPrime @DeltaPrimeDefi has been exploited for ~$4.8M worth of crypto on both #ARB & #AVAX.
The exploiter has added liquidity (~$1.3M) to #LFJ (formerly Trader Joe) & farmed $USDC on #Stargate
— PeckShield Inc. (@peckshield) November 11, 2024
In response to the incident, the DeltaPrime team suspended the protocol’s operations on the Arbitrum and Avalanche networks.
DeltaPrime was just exploited on Avalanche and Arbitrum for a total of (initial estimate) $4.75mm.
With the protocol being paused on both chains, the risk is contained. We will provide updates asap.
— DeltaPrime (@DeltaPrimeDefi) November 11, 2024
To minimize risks, users are advised to revoke permissions for active contracts via the Revoke service.
This is the second major hack DeltaPrime has faced this fall. In September, the company suffered a $6 million loss due to a private key leak on the Arbitrum network. Analyst ZachXBT suggested that North Korean hackers might have been involved, posing as Canadian and Japanese nationals.
According to PeckShield, the crypto industry suffered 20 hacking attacks in October, with losses totaling approximately $88.47 million. The largest incident last month was the hack of the lending platform Radiant Capital, resulting in a $53 million loss.