Wednesday, 9 October 2024
Trending

Crypto News

Delta Prime DeFi hacker exploited token minting bug, managed to drain $6M

Delta Prime DeFi hacker exploited token minting bug, managed to drain $6M

  • Hacker exploited Delta Prime’s upgrade function to mint massive tokens.
  • Over $6M in assets were stolen, including Bitcoin, Ether, and stablecoins.
  • Attack exposes risks of upgradable contracts in decentralized finance.

Delta Prime, a DeFi platform operating on the Arbitrum network, has fallen victim to a major cyberattack where a hacker exploited a vulnerability in the platform’s token minting system, successfully draining over $6 million from its liquidity pools.

The breach began when the attacker gained control of Delta Prime’s admin account, likely by stealing the developer’s private key.

How the Delta Prime hack unfolded

With access to the admin wallet, the hacker used the platform’s upgrade function to modify several liquidity pool contracts. These contracts were linked to proxy addresses, a mechanism designed to allow developers to implement software upgrades.

However, instead of upgrading the software, the attacker pointed the contracts to malicious versions that allowed them to mint arbitrarily large numbers of tokens.

According to blockchain data provided by block explorer Arbiscan, the hacker initially minted over 115 duovigintillion Delta Prime USD (DPUSDC) tokens, an astronomical figure represented as 1.1*10^69 in scientific notation.

DPUSDC serves as a deposit receipt token for the USDC stablecoin, intended to be redeemed at a 1:1 ratio.

Despite minting a massive amount of DPUSDC, the hacker redeemed only $2.4 million worth of USDC.

The same exploit was applied to other deposit receipt tokens, including Delta Prime Wrapped Bitcoin (DPBTCb), Delta Prime Wrapped Ether (DPWETH), and Delta Prime Arbitrum (DPARB). The attacker minted massive quantities of these tokens and redeemed a small fraction, ultimately stealing over $6 million in assets, including Bitcoin, Ether, Arbitrum, and USDC.

Cyvers, an on-chain security platform, was one of the first to report the attack, warning that the losses were initially $4.5 million but quickly escalated as the hacker continued draining pools.

Click Here to Read the Full Original Article at CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison…