On November 13, 2024, the DeFi borrowing and lending protocol, deltaPrime, has a strict deadline of 23:59 on November 19, 2024, in case the perpetrator of a $4.8 million hack does not negotiate the return of stolen funds by then. On November 11, the protocol was hit with the exploit and is demanding legal action against the attacker, unless they respond by 8 AM CET on November 14.
Co-founder of DeltaPrime, Gavin Hasselbaink, urged the attacker to come forward ‘or you’re going to get legally escalated,’ in a social media post. In line with that, Hasselbaink writes that should communication not be made by the deadline, this will no longer be treated as a white-hat hack.
“As I am sure you know, we have several leads on your real identity, and at some point we will have to pursue these in order to retrieve the user funds.”
Gavin Hasselbaink
After the hack, DeltaPrime posted an on-chain message to the attacker asking for a talk around resolving the stolen funds. Doubtful in his sights was either ‘the hacker either ‘missed this message or decided to postpone a response.'”
DeltaPrime focuses on collaboration for fund recovery
It reiterated that it is focused on the safe return of funds and would respect the attacker’s anonymity. With a long history of successfully negotiating with hackers who return stolen assets of their own free will, DeltaPrime stated that it prefers to meet this threat through a collaborative approach.
It is the last window of opportunity for peaceful resolution. DeltaPrime says it will increase its response, including seeking out the attacker and possible legal action, if the deadline passes without the attacker contacting it.
It’s the second major hack inflicting DeltaPrime in recent months. A $6 million exploit targeted the platform in September, in which attackers took advantage of the weaknesses in the security of private keys to gain control over the vulnerable contract.
DeltaPrime’s recent breach has brought some scrutiny back over the company’s past history as well. However, blockchain investigator ZachXBT previously revealed the protocol had engaged North Korean IT workers, but all identified personnel were said to have been fired before the hack. It is unclear if this latest attack is linked to North Korea.
DeltaPrime offers the right hope to address the issues DeFi platforms are facing in ensuring security and making their way through an evolving war collateral environment. The remaining chapters in this high-stakes dispute may rest on the response, or lack thereof, from the attacker by a November 14 deadline.
As with yesterday’s DeltaPrime, it reaffirmed its intention to fund a recovery, but this will depend on whether cooperation or confrontation determines the outcome of this multihilion dollar exploit.