According to CoinDesk, over $6 million in tokens were drained from DeltaPrime wallets due to a private key leak, affecting only the Arbitrum version of the project. The exploit involved a hacker gaining control over an admin proxy, redirecting it to a malicious contract, leading to significant financial loss.
The project is offered on both Arbitrum and Avalanche blockchains. Monday’s exploit impacted only the version on Arbitrum as of European morning hours, and users could not withdraw funds on Arbitrum due to how the utilization of borrowing and lending works on the platform. A hacker gained control of the admin proxy and upgraded it to point to a malicious contract, as stated by Fuzzland founder Chaofan Shou.
Security firm Cyvers confirmed the exploits in a Telegram message to CoinDesk, stating it detected “multiple suspicious transactions” involving DeltaPrime and that it “seemed that admin has lost the private key.” Affected pools include #DPUSDC, #DPARB, and #DPBTCb, referring to on-chain lockers holding USDC stablecoins, Arbitrum’s ARB, and bitcoin.
Messages sent by DeltaPrime team members on its Discord channel viewed by CoinDesk said the team was investigating and working on the issue. They did not outright confirm or announce the exploit or reveal specific details as of European morning hours. DeltaPrime’s PRIME tokens are down 6.5% in the past 24 hours, tracking a market-wide drop led by ether.