Hack Track: DeltaPrime Flow of Funds Analysis

Robert Whitaker and Prachi Pandey
November 7, 2024

On September 16th, 2024, the decentralized lending platform DeltaPrime fell victim to a devastating hack. The attackers exploited a vulnerability in the protocol's security, resulting in the theft of over $6 million. Surprisingly, this is the 2nd strike on DeltaPrime within 2 months, the first one being on July 23rd this year when $1 million was lost due to a misconfiguration that allowed an attacker to take over accounts, repay loans, and withdraw collateral.

This incident highlights the ongoing risks DeFi platforms face and the critical need for robust security measures. In the following sections, we will delve deeper into the details of the DeltaPrime hack, analyze the attacker's tactics, and discuss the implications for the DeFi ecosystem.

Unprecedented Scale of the Attack

The attacker exploited a vulnerability in DeltaPrime's protocol to mint an astronomical quantity of DPUSDC, DPARB, DPBTCb, and DPWETH tokens, exceeding 1.1*10^69 tokens in total. Minting on this scale underlines the severity of the breach.

Despite the ability to mint virtually unlimited tokens, the attacker only redeemed a small fraction, indicating a focus on maximizing profits quickly. This strategic approach suggests a well-planned and coordinated attack.

The attack also exposes the potential risks associated with decentralized lending protocols and the importance of stringent security measures to prevent such large-scale exploits.
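A mint of 1.1*10^69 tokens is orders of magnitude outside any plausible business event, and it surfaces on-chain as an ordinary ERC-20 Transfer from the zero address. The following Python script is an added example, not code from Merkle Science or DeltaPrime: it walks a set of constructed Transfer events and flags any mint that exceeds an absolute ceiling or a multiple of the token's pre-mint supply. The token symbols, addresses, supply figures and the two thresholds (ABSOLUTE_CAP, MAX_SUPPLY_MULTIPLE) are illustrative assumptions; a monitoring pipeline would feed it decoded event logs from an indexer.

```python
"""Flag anomalous ERC-20 mint events in a stream of decoded Transfer logs.

A mint appears as a Transfer whose `from` field is the zero address. Each mint
is compared against the token's total supply before the mint and against an
absolute ceiling, so a single transaction creating ~1e69 tokens is flagged even
when the caller holds the legitimate minter/admin key.
"""
from dataclasses import dataclass

ZERO_ADDRESS = "0x" + "0" * 40

# Hypothetical ceilings; tune per token. A mint above ABSOLUTE_CAP base units,
# or larger than MAX_SUPPLY_MULTIPLE times the pre-mint supply, is anomalous.
MAX_SUPPLY_MULTIPLE = 10
ABSOLUTE_CAP = 10**30  # 10^12 tokens at 18 decimals


@dataclass
class Transfer:
    token: str
    sender: str
    recipient: str
    value: int  # base units; Python ints represent 1.1e69 exactly


def is_mint(t: Transfer) -> bool:
    """A Transfer from the zero address is a mint."""
    return t.sender == ZERO_ADDRESS


def find_anomalous_mints(events, initial_supply):
    """Return [(token, recipient, value, reason), ...] for mints that breach a bound.

    `initial_supply` maps token symbol -> total supply before the first event;
    the running supply is updated as mints are processed.
    """
    supply = dict(initial_supply)
    alerts = []
    for ev in events:
        if not is_mint(ev):
            continue
        before = supply.get(ev.token, 0)
        reason = None
        if ev.value > ABSOLUTE_CAP:
            reason = "exceeds absolute cap"
        elif before and ev.value > MAX_SUPPLY_MULTIPLE * before:
            reason = f"exceeds {MAX_SUPPLY_MULTIPLE}x pre-mint supply"
        if reason:
            alerts.append((ev.token, ev.recipient, ev.value, reason))
        supply[ev.token] = before + ev.value
    return alerts


# Constructed sample data: addresses, supplies and amounts are illustrative.
ATTACKER = "0x" + "a" * 40
USER = "0x" + "b" * 40
SAMPLE_SUPPLY = {"DPUSDC": 50_000_000 * 10**6, "DPWETH": 2_000 * 10**18}
SAMPLE_EVENTS = [
    Transfer("DPUSDC", ZERO_ADDRESS, USER, 250_000 * 10**6),          # routine deposit mint
    Transfer("DPUSDC", USER, ATTACKER, 1_000 * 10**6),                # plain transfer, not a mint
    Transfer("DPWETH", ZERO_ADDRESS, ATTACKER, 11 * 10**68),          # 1.1e69 base units
    Transfer("DPUSDC", ZERO_ADDRESS, ATTACKER, 600_000_000 * 10**6),  # ~12x existing supply
]

if __name__ == "__main__":
    for alert in find_anomalous_mints(SAMPLE_EVENTS, SAMPLE_SUPPLY):
        print(alert)
```

Run against the constructed events, the script reports the 1.1e69 DPWETH mint (absolute cap) and the DPUSDC mint that is roughly twelve times the existing supply; the routine deposit mint passes. Both bounds are deliberately simple: the supply multiple catches a key that mints "only" a large amount, while the absolute cap catches a value too large to be meaningful regardless of supply.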

Incident Response

DeltaPrime, in a statement on X (formerly Twitter), acknowledged the hack and provided an update on the situation, stating that:

“DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation.”

Merkle Science’s Flow of Funds Analysis

Merkle Science’s blockchain forensics tool ‘Tracker’ visualizes the flow of funds after an attack

  • The attackers gained unauthorized access to DeltaPrime's admin private keys, enabling them to mint roughly 1*10^69 custom tokens and peg them at a 1:1 ratio to USDC, wBTC, ARB, DAI and wETH on the Arbitrum blockchain
  • In total, the attackers were able to siphon away $6.05 Million
  • All the tokens were then swapped for 2,588 ETH worth approximately $6.04 Million
  • This 2,588 ETH was split between 2 associate addresses
  • One of the associate addresses received 1,249.96 ETH. From this amount, 100 ETH was transferred to a prominent Arbitrum-based exchange, while the remaining funds were retained in the original wallet.
  • The second associate address (associate 2) received 1,336.93 ETH. This amount was then transferred to another Ethereum address using the Stargate cross-chain bridge. Ultimately, 1,337 ETH from this address was sent to Tornado Cash, likely for money laundering purposes.
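The bullets above describe a transfer graph walked outward from the attacker, with each hop attributed to a labelled entity (exchange, bridge, mixer) or left as a retained balance. The Python below is an added example of that tracing step, not Merkle Science's Tracker or its code: it builds a directed graph from constructed transfers, walks it breadth-first from the origin, attributes funds that reach a terminal label (exchange or mixer) and reports what stays parked at unlabelled hops. The addresses are placeholders and the amounts are constructed to approximate the figures in this analysis (the 1,249.96 / 1,336.93 ETH split, 100 ETH to an exchange, the bridged amount onward to Tornado Cash); the labels dictionary and the choice of which labels are terminal are assumptions.

```python
"""Trace where funds from a drained address end up in a transfer graph.

Terminal labels (exchange, mixer) stop the walk: funds there are attributed to
that entity. Bridges are pass-through and are followed to the destination-chain
address. Unlabelled addresses that received more than they sent out are
reported as retained balances.
"""
from collections import defaultdict, deque
from decimal import Decimal

# Constructed placeholders, not real addresses.
ATTACKER = "attacker"
ASSOC_1, ASSOC_2 = "associate_1", "associate_2"
EXCHANGE, BRIDGE, MIXER = "exchange_hot_wallet", "stargate_bridge", "tornado_cash"
ETH_ADDR = "assoc2_on_ethereum"

LABELS = {EXCHANGE: "exchange", BRIDGE: "bridge", MIXER: "mixer"}  # assumed labelling
TERMINAL = {"exchange", "mixer"}  # walk stops here; bridges are pass-through

# Constructed transfers (src, dst, ETH) approximating the figures in the analysis.
TRANSFERS = [
    (ATTACKER, ASSOC_1, Decimal("1249.96")),
    (ATTACKER, ASSOC_2, Decimal("1336.93")),
    (ASSOC_1, EXCHANGE, Decimal("100")),
    (ASSOC_2, BRIDGE, Decimal("1336.93")),
    (BRIDGE, ETH_ADDR, Decimal("1336.93")),  # bridge pays out on the destination chain
    (ETH_ADDR, MIXER, Decimal("1336.93")),
]


def trace(transfers, origin, labels):
    """Return (attributed, retained, paths).

    attributed: terminal label -> total amount that reached it
    retained:   unlabelled address -> inflow minus outflow left sitting there
    paths:      terminal label -> list of hop sequences that reached it
    """
    out = defaultdict(list)
    inflow = defaultdict(Decimal)
    for src, dst, amt in transfers:
        out[src].append((dst, amt))
        inflow[dst] += amt

    attributed = defaultdict(Decimal)
    paths = defaultdict(list)
    retained = {}
    seen = set()
    queue = deque([(origin, [origin])])
    while queue:
        node, path = queue.popleft()
        if node in seen:
            continue
        seen.add(node)
        outflow = sum((amt for _, amt in out[node]), Decimal(0))
        if node != origin and node not in labels and inflow[node] > outflow:
            retained[node] = inflow[node] - outflow
        for dst, amt in out[node]:
            hop = path + [dst]
            lbl = labels.get(dst)
            if lbl in TERMINAL:
                attributed[lbl] += amt
                paths[lbl].append(" -> ".join(hop))
            else:
                queue.append((dst, hop))
    return dict(attributed), retained, dict(paths)


if __name__ == "__main__":
    attributed, retained, paths = trace(TRANSFERS, ATTACKER, LABELS)
    print("attributed:", attributed)
    print("retained:", retained)
    for lbl, hops in paths.items():
        print(lbl, "via", hops)
```

On the constructed data the walk attributes 100 ETH to the exchange and 1,336.93 ETH to the mixer via attacker -> associate_2 -> bridge -> destination-chain address, and reports 1,149.96 ETH still held at associate_1. Tracking the hop sequence alongside the totals is what lets an investigator name the entity (here the exchange) that can be approached for freezing or KYC records.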

Hot Wallet Hacks: A Growing Threat to DeFi

The DeltaPrime hack underscores the ongoing security challenges faced by decentralized platforms. Hot wallet attacks have been a significant contributor to the billions of dollars lost in the cryptocurrency ecosystem in 2024.

While smart contract hacks have decreased due to improved security measures, attackers are now focusing on exploiting vulnerabilities in platform security, such as hot wallets. This shift in tactics highlights the need for continuous vigilance and adaptation to evolving threats.

Key Takeaways:

  • Hot Wallet Vulnerabilities: Hot wallets, being internet-connected, are particularly susceptible to attacks.
  • Shift in Attack Vectors: Attackers are increasingly targeting platform security rather than focusing solely on smart contracts.
  • Growing Losses: Hot wallet hacks have resulted in substantial financial losses for the DeFi ecosystem.

The attackers' ability to exploit vulnerabilities and mint an unprecedented amount of tokens highlights the need for robust security measures and continuous vigilance.

This incident underscores the importance of:

  • Regular Security Audits: DeFi platforms must conduct frequent security assessments to identify and address potential vulnerabilities.
  • Private Key Protection: Safeguarding admin private keys is paramount to prevent unauthorized access and malicious actions.
  • Emergency Response Plans: Having well-defined emergency response plans in place can help mitigate the impact of security breaches and facilitate swift recovery.

By prioritizing security and implementing best practices, DeFi platforms can enhance their resilience and protect their users from future attacks.