- Hacker exploited Delta Prime’s upgrade function to mint massive tokens.
- Over $6M in assets were stolen, including Bitcoin, Ether, and stablecoins.
- Attack exposes risks of upgradable contracts in decentralized finance.
Delta Prime, a DeFi platform operating on the Arbitrum network, has fallen victim to a major cyberattack where a hacker exploited a vulnerability in the platform’s token minting system, successfully draining over $6 million from its liquidity pools.
The breach began when the attacker gained control of Delta Prime’s admin account, likely by stealing the developer’s private key.
How the Delta Prime hack unfolded
With access to the admin wallet, the hacker used the platform’s upgrade function to modify several liquidity pool contracts. These contracts were linked to proxy addresses, a mechanism designed to allow developers to implement software upgrades.
However, instead of upgrading the software, the attacker pointed the contracts to malicious versions that allowed them to mint arbitrarily large numbers of tokens.
According to blockchain data provided by block explorer Arbiscan, the hacker initially minted over 115 duovigintillion Delta Prime USD (DPUSDC) tokens, an astronomical figure represented as 1.1*10^69 in scientific notation.
DPUSDC serves as a deposit receipt token for the USDC stablecoin, intended to be redeemed at a 1:1 ratio.
Despite minting a massive amount of DPUSDC, the hacker redeemed only $2.4 million worth of USDC.
The same exploit was applied to other deposit receipt tokens, including Delta Prime Wrapped Bitcoin (DPBTCb), Delta Prime Wrapped Ether (DPWETH), and Delta Prime Arbitrum (DPARB). The attacker minted massive quantities of these tokens and redeemed a small fraction, ultimately stealing over $6 million in assets, including Bitcoin, Ether, Arbitrum, and USDC.
Cyvers, an on-chain security platform, was one of the first to report the attack, warning that the losses were initially $4.5 million but quickly escalated as the hacker continued draining pools.
🚨ALERT🚨@DeltaPrimeDefi has faced a security incident on their admin keys.
Attacker had control on the private key of 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb
then he upgraded the proxy!So far $5.93M has been drained!
Want to keep your company off our alerts radar? Learn… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI
— 🚨…