Hack Explained - DeltaPrime


DeltaPrime is a decentralised finance (DeFi) platform that facilitates borrowing and investing on-chain. It operates primarily on the Arbitrum and Avalanche networks. Recently, DeltaPrime fell victim to a significant security breach where $5.98 million was stolen from its Arbitrum deployment. The cause of the hack was a compromised private key, which allowed the attacker to exploit administrative privileges, leading to the draining of funds from various liquidity pools.

Behind the Breach

The hack was initiated when the attacker gained access to an admin private key. This enabled the attacker to call the "upgrade" function on DeltaPrime’s proxy contracts. By doing so, they could redirect these contracts to a malicious implementation. Once control was established, the attacker minted an enormous number of deposit receipt tokens, which were then redeemed for assets like USDC, WBTC, and WETH, systematically draining the liquidity pools. The attacker managed to convert most of the stolen tokens to Ethereum before moving them through various wallets to obscure their trail. Investigators have speculated possible links to North Korean hacker groups, though no definitive evidence has been established yet.

Lessons from the Incident

This breach underscores the critical vulnerabilities that arise from poorly secured private keys and upgradable smart contracts. The core issue here was the exposure of a single private key, which gave the attacker unchecked access to modify and exploit the platform. To mitigate such risks in the future, the following controls could be considered:

  • Multi-signature wallets: Implementing multi-signature (multi-sig) wallets for administrative functions would require multiple parties to authorise contract changes, reducing the risk from a single compromised key.

  • Timelocks for contract upgrades: Introducing timelocks for critical contract changes would give stakeholders time to review and potentially reverse malicious updates before they take effect.
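
How the two controls above combine, as a small Python model added here for illustration (it is not DeltaPrime's or Rivanorth's code, and it is not on-chain code). The `UpgradeGate` class, the signer names, the threshold and the delay are all assumptions made for the example; the model assumes the gate is the only party allowed to change the proxy's implementation.

```python
from dataclasses import dataclass, field

class UpgradeRejected(Exception):
    """Raised when an upgrade fails a control."""

@dataclass
class Proposal:
    new_impl: str
    eta: int  # earliest execution time, in seconds
    approvals: set = field(default_factory=set)
    cancelled: bool = False

class UpgradeGate:
    """Hypothetical sole upgrade authority for a proxy in this model."""
    def __init__(self, signers, threshold, delay, implementation):
        self.signers = frozenset(signers)
        if not 1 <= threshold <= len(self.signers):
            raise ValueError("threshold must be between 1 and the signer count")
        self.threshold, self.delay = threshold, delay
        self.implementation = implementation
        self.queue = {}

    def _check_signer(self, who):
        if who not in self.signers:
            raise UpgradeRejected(f"{who} is not a signer")

    def propose(self, who, new_impl, now):
        self._check_signer(who)
        pid = len(self.queue)
        self.queue[pid] = Proposal(new_impl, now + self.delay, {who})
        return pid

    def approve(self, who, pid):
        self._check_signer(who)
        self.queue[pid].approvals.add(who)  # set: repeat approvals count once

    def cancel(self, who, pid):
        self._check_signer(who)  # any single signer may veto during the delay
        self.queue[pid].cancelled = True

    def execute(self, pid, now):
        p = self.queue[pid]
        if p.cancelled:
            raise UpgradeRejected("proposal was cancelled")
        if len(p.approvals) < self.threshold:
            raise UpgradeRejected("not enough distinct approvals")
        if now < p.eta:
            raise UpgradeRejected("timelock has not elapsed")
        self.implementation = p.new_impl
        return self.implementation
```

With a 2-of-3 gate, one stolen key can queue an upgrade but never execute it, and even a proposal that reaches the threshold can be vetoed by any remaining signer before the delay expires.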


Rivanorth is a boutique Web3 cybersecurity company. We specialise in smart contract audits and 360 degree security services for Web3. Visit rivanorth.com to find out more.

You build the future. We help you secure it.