DeltaPrime, a decentralized lending protocol and cryptocurrency broker, has been hit by a major security breach resulting in losses of over $6 million. The exploit, identified by blockchain security firm Cyvers, affected the Arbitrum version of the platform and is attributed to a private key leak.
Several blockchain security experts and analysts have noted this flaw and reported that the hacker gained control of Delta Prime’s admin proxy. This access allowed the attacker to upgrade the proxy and direct it to a malicious contract. This led to the depletion of several liquidity pools, including DPUSDC, DPARB, and DPBTCb.
Blockchain security firm Cyvers confirmed the exploit and shared the post on X, claiming to have detected “several suspicious transactions” related to DeltaPrime. According to the company, the incident occurred due to the administrator losing control of a private key, which allowed unauthorized access to the platform’s funds. As a result, users were temporarily unable to withdraw their assets from the Arbitrum version of DeltaPrime, given its borrowing and lending structure.
The DeltaPrime team responded quickly by informing users via Discord and X (formerly Twitter), acknowledging the issue and assuring the community that they were working on a resolution.
“Risk is contained, we are working on asset recovery and the insurance pool will cover any potential losses where possible/necessary,” the team said in the X post, adding, “Additionally, we are looking at other ways to minimize user losses.”
This incident marks the second major breach of DeltaPrime in recent months. In July 2024, the protocol suffered a $1 million hack due to a misconfiguration that allowed an attacker to take control of accounts, repay loans, and withdraw collateral.
Following the previous exploit in July, the DeltaPrime team had re-audited its codebase and assured users that the vulnerabilities had been fixed. However, the recurrence of another major flaw raises concerns about the platform’s security measures.
Also read: Cryptocurrency trader loses $16 million in FRIEND token bet
