DeFi project Delta Prime hacked again — months after private key leak
Decentralized finance (DeFi) application Delta Prime, which operates on the Arbitrum and Avalanche networks, suffered an estimated $4.5 million hack on Monday.
This is the second incident to hit the ‘yield farm’ in less than two months, bringing combined losses to approximately $10.5 million. The serial hacker responsible also looks to be a keen ‘farmer,’ putting $2 million to work on other platforms.
Blockchain security firm Peckshield suggested that Delta Prime “may want to take a look” at a suspicious transaction in which funds were sourced via a flash loan from the Balancer protocol.
Read more: DeFi app Delta Prime loses $6M after being warned of Lazarus mole
A follow-up post identified the loss as linked to “the lack of input validation in claiming possible rewards.”
The official Delta Prime response to the incident estimates losses at $4.5 million and states that “the protocol [is] paused on both chains, the risk is contained.” Meanwhile, the project’s most recent X (formerly Twitter) thread had been an explainer on reimbursement tokens for victims of the previous hack.
According to X user yieldsandmore, the address responsible for the attack is an “experienced serial exploiter.” They also appear to be a keen DeFi user.
On Arbitrum, two addresses were identified as holding the profits from the exploit, which total approximately $700,000. However, as Peckshield notes, on Avalanche, where the majority of the funds ($4.1 million) were stolen, the exploiter is using around $2 million of the spoils to farm rewards on two DeFi protocols, LFJ (formerly Trader Joe) and Stargate.
Today’s hack comes just under two months after Delta Prime confirmed having lost $6 million to a private key compromise. Prolific blockchain investigator ZachXBT had previously warned of North Korean infiltrators in a number of DeFi projects, Delta Prime included.
To combat the threat of state-sponsored hackers working as moles within DeFi teams, some teams have resorted to a simple (but apparently effective) screening process.
Read more: North Korean hackers posing as devs exposed with ‘I Hate Kim Jong Un’ test
According to Harrison Leggio, co-founder of token launchpad g8keep and known as Pop Punk on X, challenging potential hires to type “i hate kim jong un, fuck north korea” may be enough to scare them off.
Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.