top of page

Hacker Steals $6M Through Massive Token Minting Exploit

Writer's picture: Blockonome GnomeBlockonome Gnome

A hacker exploits DeFi protocol Delta Prime by minting an enormous amount of deposit tokens, siphoning millions in USDC, BTC, and ETH.


Hacker Steals $6M Through Massive Token Minting Exploit

A recent attack on decentralized finance (DeFi) protocol Delta Prime has resulted in the loss of over $6 million in cryptocurrency. The attacker used an admin account to mint an unprecedented number of deposit receipt tokens, exploiting the system's upgrade functions to drain liquidity pools.


According to blockchain data from Arbiscan, the hacker minted over 115 duovigintillion (1.1 * 10^69) Delta Prime USD (DPUSDC) tokens, a deposit receipt for the USDC stablecoin. Despite minting this massive amount, the attacker only burned 2.4 million of these tokens to withdraw $2.4 million in actual USDC. They repeated similar steps for other assets like Bitcoin (BTC), Ether (ETH), and Arbitrum (ARB), accumulating over $1 million in additional funds.


The exploit was likely initiated by stealing the developer’s private key and gaining control of an admin account. The attacker then used an upgrade function in Delta Prime’s liquidity pool contracts, redirecting each contract to a malicious proxy that allowed them to mint limitless deposit receipt tokens.


Blockchain security expert Chaofan Shou estimated that the total loss stands at $6 million. Delta Prime acknowledged the breach, confirming that nearly $6 million had been drained from its Arbitrum-based protocol, while its Avalanche-based version remained unaffected. The protocol also noted that its insurance might help cover some of the losses.


This incident highlights the ongoing risks DeFi protocols face with upgradeable contracts, which can introduce centralization vulnerabilities if admin accounts are compromised. While upgrading allows developers to fix bugs, it also makes protocols more susceptible to exploits like this one.


Delta Prime's exploit is just the latest in a series of DeFi attacks this year, as the Web3 ecosystem continues to grapple with security challenges.


photo source / Blockonome

Comments


Top Stories

Thanks for subscribing!

© 2024 by Blockonome. 

Bring global cryptocurrency news straight to your inbox. Sign up for our monthly newsletter.

  • X
  • LinkedIn
  • TikTok
  • Instagram
  • Facebook

Blockonome's content is meant to be informational in nature and should not be interpreted as investment advice. Trading, buying or selling cryptocurrencies should be considered a high-risk investment and every reader is advised to do their own research before making any decisions.

bottom of page