Delta Prime DeFi hacker exploited token minting bug, managed to drain $6M


Delta Prime DeFi hacker exploited token minting bug, managed to drain $6M
  • Hacker exploited Delta Prime’s upgrade function to mint massive tokens.
  • Over $6M in assets were stolen, including Bitcoin, Ether, and stablecoins.
  • Attack exposes risks of upgradable contracts in decentralized finance.

Delta Prime, a DeFi platform operating on the Arbitrum network, has fallen victim to a major cyberattack where a hacker exploited a vulnerability in the platform’s token minting system, successfully draining over $6 million from its liquidity pools.

The breach began when the attacker gained control of Delta Prime’s admin account, likely by stealing the developer’s private key.

How the Delta Prime hack unfolded

With access to the admin wallet, the hacker used the platform’s upgrade function to modify several liquidity pool contracts. These contracts were linked to proxy addresses, a mechanism designed to allow developers to implement software upgrades.

However, instead of upgrading the software, the attacker pointed the contracts to malicious versions that allowed them to mint arbitrarily large numbers of tokens.

According to blockchain data provided by block explorer Arbiscan, the hacker initially minted over 115 duovigintillion Delta Prime USD (DPUSDC) tokens, an astronomical figure represented as 1.1*10^69 in scientific notation.

DPUSDC serves as a deposit receipt token for the USDC stablecoin, intended to be redeemed at a 1:1 ratio.

Despite minting a massive amount of DPUSDC, the hacker redeemed only $2.4 million worth of USDC.

The same exploit was applied to other deposit receipt tokens, including Delta Prime Wrapped Bitcoin (DPBTCb), Delta Prime Wrapped Ether (DPWETH), and Delta Prime Arbitrum (DPARB). The attacker minted massive quantities of these tokens and redeemed a small fraction, ultimately stealing over $6 million in assets, including Bitcoin, Ether, Arbitrum, and USDC.

Cyvers, an on-chain security platform, was one of the first to report the attack, warning that the losses were initially $4.5 million but quickly escalated as the hacker continued draining pools.

Blockchain security specialist Chaofan Shou later confirmed that the total theft had reached approximately $6 million.

This incident underscores the risks associated with upgradable contracts in the DeFi ecosystem. Although upgradable contracts allow developers to fix bugs post-deployment, they introduce a centralization risk if an admin account is compromised, as seen in the Delta Prime hack.

The attack on Delta Prime is part of a growing trend of high-profile DeFi breaches, with experts warning that future targets could include even larger institutions, such as Bitcoin exchange-traded funds (ETFs), which hold billions in digital assets.

Source: https://coinjournal.net/news/delta-prime-defi-hacker-exploited-token-minting-bug-managed-to-drain-6m/