Decentralized finance (DeFi) protocol DeltaPrime has fallen victim to yet another major exploit. Hackers siphoned off approximately $4.8 million worth of ARB and AVAX tokens.
The attack targeted DeltaPrime’s Avalanche and Arbitrum networks. This marks the protocol’s second significant breach this year.
DeltaPrime Exploited
Blockchainsecurity firm PeckShield was the first to detect and report the breach, revealing that the hacker had exploited a vulnerability in DeltaPrime’s periphery adaptor contract .
Hi @DeltaPrimeDefi, you may want to take a look pic.twitter.com/uUn7fnRCLu
— PeckShield Inc. (@peckshield) November 11, 2024
This flaw allowed the attacker to drain liquidity pools across Avalanche and Arbitrum, leading to substantial losses.
According to the analysis, the hacker reallocated around $1.3 million of the stolen funds into liquidity provisioning on LFJ (formerly Trader Joe’s) and farming USDC on Stargate .
The remaining assets have been distributed across other platforms, making recovery difficult.
In response to the exploit, DeltaPrime immediately paused operations on both networks to contain the damage and prevent further losses.
DeltaPrime was just exploited on Avalanche and Arbitrum for a total of (initial estimate) $4.75mm.With the protocol being paused on both chains, the risk is contained. We will provide updates asap.
— DeltaPrime (@DeltaPrimeDefi) November 11, 2024
The team confirmed the incident on social media, assuring users that investigations were underway and promising timely updates as the situation unfolded.
This marks DeltaPrime’s second major breachin just a few months. In September, the protocol suffered a $6 million exploit due to poor private key security.
While the team acted quickly to mitigate the damage, the recurrent nature of these security failures is raising concerns among investors and the wider DeFi community.
Delta Prime @DeltaPrimeDefi admin private key leaked. All pools are drained. $7M loss already. Withdraw ASAP
pic.twitter.com/se3RebRjpX
— Chaofan Shou (@shoucccc) September 16, 2024
Launched in early 2023, DeltaPrime quickly gained traction, boasting over $63 million in total value locked (TVL) and attracting backing from notable industry players such as Avalanche , GSR Capital , and Moonhill Capital .
However, two significant breaches in quick succession have severely shaken investor confidence.
The latest attack has raised questions about DeltaPrime’ssecurity framework, with blockchain analysts like ZachXBT suggesting that earlier staffing decisions—reportedly involving individuals with suspicious ties—may have contributed to the protocol’s vulnerabilities.
1/ Recently a team reached out to me for assistance after $1.3M was stolen from the treasury after malicious code had been pushed. Unbeknownst to the team they had hired multiple DPRK IT workers as devs who were using fake identities. I then uncovered 25+ crypto projects with… pic.twitter.com/W7SgY97Rd8
— ZachXBT (@zachxbt) August 15, 2024
Following the breach, DeltaPrime’s native token, PRIME , saw a 1.2% dip, trading at around $1.28 on CoinGecko.
As DeltaPrime works to recover from the $4.8 million loss, the platform faces an uphill battle to restore user trust and implement more robust security measures.
