TL;DR
- Delta Prime, a DeFi project, suffered a second hack in less than two months, with estimated losses of $4.5 million, bringing the total to $10.5 million.
- The attacker used a flash loan through the Balancer protocol to exploit a vulnerability in the reward claiming process.
- Delta Prime paused its operations on Arbitrum and Avalanche to contain the risk and is working on compensating affected users.
The decentralized finance (DeFi) project Delta Prime has fallen victim to a new hack, the second in less than two months. The estimated loss is $4.5 million.
This incident comes just weeks after a similar attack in September 2024, which resulted in a $6 million loss due to a private key leak. With this new episode, the total losses for the project approach $10.5 million.
Today's @DeltaPrimeDefi exploit leads to $4.8m loss. Since affected pools are now paused, we share our initial analysis below.
The exploit is made possible due to the lack of input validation in claiming possible rewards. Specifically, the exploiter provides an evil pair in… https://t.co/PH0yk9G3kP pic.twitter.com/upJVlJcVrL
— PeckShield Inc. (@peckshield) November 11, 2024
The attacker appears to be an experienced individual in exploiting vulnerabilities within the DeFi ecosystem, with a history of previous attacks. This time, the hack occurred through a suspicious transaction involving a flash loan obtained from the Balancer protocol.
This allowed the hacker to take advantage of a vulnerability in the input validation process during the reward claiming. After the attack, two addresses on Arbitrum were identified, receiving approximately $700,000 of the profits obtained. Meanwhile, on Avalanche, where most of the funds ($4.1 million) were stolen, the attacker has been using around $2 million on DeFi platforms like LFJ and Stargate to gain additional benefits.
DeltaPrime was just exploited on Avalanche and Arbitrum for a total of (initial estimate) $4.75mm.
With the protocol being paused on both chains, the risk is contained. We will provide updates asap.
— DeltaPrime (@DeltaPrimeDefi) November 11, 2024
Delta Prime Paused Operations and Promises Compensation to Affected Users
The Delta Prime protocol reacted swiftly by pausing its operations on both Arbitrum and Avalanche to contain the risk. The platform has assured that it is working on compensating the users affected by the previous attack and has issued a statement explaining the current situation. Despite the immediate response, security experts continue to warn about the platform’s vulnerability.
There is growing concern about security in decentralized finance, especially with the emergence of high-profile actors such as state-sponsored hackers. Among them are North Korean hackers.
Previous investigations, such as those by ZachXBT, had already pointed out the possible involvement of such actors in attacks on DeFi projects, including Delta Prime. In light of this, some development teams have begun implementing stricter security measures, such as hiring filters to detect possible infiltrators
