$6 Million Drained From DeFi Platform, ZachXBT Claims That North Korea Hackers May Be Involved

Over $6 million in various tokens from wallets belonging to on-chain DeFi platform, DeltaPrime were drained earlier today (Monday 16 September) after an apparent private key leak – and now cyber sleuth has stirred the pot alleging North Korea Lazarus Group involvement.

The DeltaPrime hack only affects the Arbitrum side of the platform. Web3 security experts on X have said that the exploit involved a hacker gaining control over an admin proxy, redirecting it to a malicious contract, and allowing the bad actors to drain over $6 million from DeltaPrime wallets.

DeltaPrime Hack First Picked Up On Social Media By Web3 Security Expert

Delta Prime @DeltaPrimeDefi admin private key leaked. All pools are drained. $7M loss already. Withdraw ASAP! https://t.co/uNn5nZoHp3 pic.twitter.com/se3RebRjpX

— Chaofan Shou (@shoucccc) September 16, 2024

It was first picked up by an X user named ‘ Chaofan Shou ‘. Shou is the co-founder of Web3 Security Analyst firm, Fuzzland. He posted earlier today, warning that DeltaPrime’s admin private keys were leaked, telling users to withdraw funds immediately. Initially, Shou claimed that $7 million had been drained before clarifying that it was actually $4 million. His last update showed that over $6 million had been stolen.

Chaofan posted details on the hack, saying a hacker had gained control of 0xx40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb, the admin of proxies. Then, the hacker upgraded the proxies to point to malicious contract 0xD4CA224a176A59ed1a346FA86C3e921e01659E73.

Notable Crypto Scam Investigator ZachXBT Claims That The DeltaPrime Hack May Have Links To North Korea

(@zachxbt)

ZachXBT has recently published a huge expose on North Korea’s Lazarus group. Lazarus is a hacker group made up of an unknown number of individuals. It is alleged to be run by the government of North Korea. While little is known about the Lazarus Group, researchers have attributed many cyberattacks to them since 2010.

In his expose from August 15, Zach said that he had reached out to 25+ Web3 projects that had unknowingly hired malicious IT workers with links to North Korea. In relation to the DeltaPrime hack, Zach commented on Chaofan Shou’s post, saying Idk (I don’t know) if it related, but they were one of the teams with the DPRK IT workers I reached out to warn (I was told they were all removed).

RELATED: Crypto Firms On High Alert As FBI Issues A PSA Warning Of Alarming Rise In ‘Complex’ Scams Carried Out By North Korea

DeltaPrime Acknowledged The Hack, Saying The Risk Is Contained And Is ‘Focused On Asset Retrieval’

DeltaPrime Blue exploited, this is the current status:

At 6:14 AM CET DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation.

DeltaPrime Red (Avalanche) is not vulnerable…

— DeltaPrime (@DeltaPrimeDefi) September 16, 2024

Over an hour ago, DeltaPrime posted to its X account, acknowledging the exploit. In the post, the team confirmed that only the Arbitrum arm is affected and that the Avalanche side of the platform ‘is not vulnerable.’

There have been no further updates from the team since that post at 9:55 a.m. BST. As per CoinGecko data, PRIME, the native token for the DeltaPrime platform, has reacted negatively to the news. It is down 6% in the past 24 hours. However, PRIME looks to be holding steady at around $0.997 following the team’s announcement that the risk is contained.

(COINGECKO)

DISCOVER: First Restaking Protocol On TON Raises $100 Million In Institutional Backing And Is Using The Success Of EigenLayer As Inspiration

Disclaimer: Crypto is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. You could lose all of your capital.