DeltaPrime, a DeFi protocol on the Arbitrum chain, has fallen victim to a series of suspicious transactions. The Web3 security firm CyVers flagged the issue, revealing that malicious actors have compromised protocol’s admin wallet.
The attacker, according to CyVers, appears to have taken control of the DeltaPrime proxy contracts, draining multiple pools, including DPUSDC, DPARB, and DPBTCb.
North Korean IT Workers Allegedly Linked to DeltaPrime Breach
In the latest update, CyVers noted that the attacker has allegedly swapped stolen USDC for Ethereum (ETH), further complicating recovery efforts. CyVers CTO Meir Dolev provided additional insight, stating that the attack is ongoing.
The firm initially reported a loss of $4.5 million. However, as the incident is still ongoing at the time of this writing, the number continues to rise.
“The hacker upgraded the contracts to point to his malicious contract, enabling the draining of funds. The total loss has now grown to $5.9 million,” Dolev said in an email to BeInCrypto.
Read more: Crypto Project Security: A Guide to Early Threat Detection
Adding to the growing concern, on-chain investigator ZachXBT highlighted potential ties between DeltaPrime’s breach and a group of North Korean IT workers. These workers, using fake identities and KYC documents, had been involved in a similar incident in August 2024.
ZachXBT’s report also detailed a pattern of fraudulent activity. He linked the latest attack to a larger network of malicious actors who have been siphoning funds from various DeFi projects since June 2024.
The revelations point to a complex web of fraud, where North Korean operatives are believed to be exploiting vulnerabilities in decentralized protocols. According to ZachXBT, the attacker’s laundering strategy involved bridging stolen assets across chains and depositing large sums into privacy-focused services like Tornado Cash, effectively obfuscating the trail of stolen funds.
Read more: Top 5 Flaws in Crypto Security and How To Avoid Them
At the time of writing, DeltaPrime’s team has yet to issue an official statement. The attack has also had a significant impact on the platform’s native token, PRIME. Within the past 24 hours, it has seen a 6.3% decline in value, now trading at $1.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.