YEREVAN (CoinChapter.com) — A hacker stole $6 million from Delta Prime, a decentralized finance (DeFi) protocol, by minting an excessive amount of deposit receipt tokens and redeeming only a small portion for cryptocurrency.
Delta Prime Exploited by Hacker Minting Excessive Tokens
The attacker minted more than 115 duovigintillion Delta Prime USD (DPUSDC) tokens during the exploit. These DPUSDC tokens are receipts for USDC, which is a stablecoin held at Delta Prime, with a 1:1 redemption ratio. Despite the large number of minted tokens, the hacker burned just 2.4 million of them, redeeming $2.4 million in USDC stablecoins.
Delta Prime Attack Transaction Details. Source: Arbiscan
After successfully minting DPUSDC tokens, the attacker then replicated the process with other deposit receipt tokens. For instance, they minted over 1 duovigintillion Delta Prime Wrapped Bitcoin (DPBTCb), followed by 115 octodecillion Delta Prime Wrapped Ether (DPWETH), and several others. Consequently, the hacker redeemed over $1 million in Bitcoin (BTC), Ether (ETH), and Arbitrum (ARB) tokens.
Private Key Breach Enables Attack on Delta Prime
Once the hacker accessed the developer’s private key, they were able to take control of an admin account ending in b1afb. With this access, the attacker then proceeded to execute an “upgrade” function on Delta Prime’s liquidity pool contracts. This function, intended for software updates, allowed the hacker to point each proxy to a malicious contract they had created. As a result, this malicious contract gave them the ability to mint a massive number of deposit receipt tokens.
By exploiting this process, the hacker drained multiple liquidity pools without having to attack each user individually.
Confirmation of $7M Loss from Attack
In a post on X, Delta Prime confirmed the breach, stating,
“At 6:14 AM CET, DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M.” The team clarified that only the DeltaPrime Blue version on Arbitrum was affected, while the Avalanche version remained secure. Delta Prime also mentioned that the protocol’s insurance would cover losses “where possible.”
DeltaPrime Blue Exploit Update: $5.98M Drained. Source: DeltaPrimeonX
Security expert Chaofan Shou estimated the total loss at $7 million, confirming that the attack occurred due to vulnerabilities in the protocol’s upgradeable contracts.
Delta Prime Admin Key Leak and $7M Loss. Source: Chaofan Shou
The post Hacker Drains $6M from Delta Prime in Token Minting Exploit appeared first on CoinChapter.
