DeltaPrime, a decentralized borrowing protocol supported by Avalanche and GSR Markets, has reportedly suffered a significant security breach, resulting in a $4 million loss. The breach is suspected to involve entities linked to North Korea, according to a September 16 post by Chaofan Shou, co-founder of Fuzzland, on X.
The hack is believed to have been caused by a leak of an admin’s private key. While the precise details of how the key was compromised are still unclear, blockchain investigator ZachXBT revealed that DeltaPrime had previously employed IT workers from North Korea. Despite the removal of these flagged individuals, any direct connection between the hack and North Korea remains unconfirmed.
Blockchain research group Cyvers Alerts noted that the attack specifically targeted DeltaPrime’s protocol version on the Arbitrum network. The hacker has already converted the stolen USD Coin (USDC) into Ethereum (ETH). According to Cyvers Alerts, “It seems that admin has lost the private key. Suspicious address still draining the pools! Affected pools so far are the DPUSDC, DPARB, DPBTCb!”
DeltaPrime also operates a protocol on the Avalanche network, but there are no current reports of vulnerabilities affecting this version. Following the hack, the value of DeltaPrime’s native token, PRIME, dropped by 6% to $1. As of now, the DeltaPrime team has not issued any public statements regarding the incident.
Launched on Avalanche in January 2023, DeltaPrime initially attracted over $63 million in total value locked and managed to unlock more than $20 million in liquidity. The protocol received funding from notable backers including Avalanche, GSR Capital, Moonhill Capital, and Uplift.