- Venus Protocol recovered $13.5 million in stolen crypto, halting further movement of funds and quickly identifying the breach.
- An emergency governance vote enabled the forced liquidation of the attacker’s wallet, leading to the retrieval of stolen tokens.
- The attack was linked to the Lazarus Group, a North Korea-backed hacking collective responsible for major crypto heists.
Venus Protocol, a decentralized finance (DeFi) lending platform, successfully assisted a user in recovering $13.5 million in crypto assets stolen through a phishing attack attributed to North Korea’s Lazarus Group. The incident took place on Tuesday, prompting Venus to temporarily pause its platform as a precaution and investigate the breach.
During the pause, Venus’ audits confirmed that both its smart contracts and front-end systems were unaffected by the attack, ensuring the platform’s integrity. The move halted any further movement of funds, providing the necessary time for the team to work on recovery.
Emergency governance vote triggers recovery
To recover the stolen assets, Venus initiated an emergency governance vote, which authorized the forced liquidation of the attacker’s wallet. This action enabled the recovery of the stolen tokens, which were then sent to a designated recovery address. The attack relied on a malicious Zoom client that tricked the victim into granting delegated control over their account.
Once in control, the attackers borrowed and redeemed assets on the victim’s behalf, draining millions of dollars in stablecoins and wrapped assets. The protocol’s security partners, Hexagate and Hypernative, flagged the suspicious transactions within minutes, leading to the decision to pause the protocol and halt further fund movement.
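The pattern described above (a freshly approved delegate borrowing and redeeming on a user's behalf, caught within minutes by monitoring) is the kind of sequence a transaction monitor can flag. The following is an added illustrative example, not code from Venus Protocol, Hexagate or Hypernative: it scans a constructed stream of lending-protocol events for a delegate approval followed, within a short block window, by large on-behalf borrows or redemptions. The event kinds (`delegate_approved`, `borrow_behalf`, `redeem_behalf`), the field layout, the addresses and the dollar amounts are all assumptions made for the example and do not correspond to the protocol's real ABI or to the incident's real values.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One protocol event. Field names and kinds are assumptions for this example."""
    block: int
    kind: str          # "delegate_approved" | "borrow_behalf" | "redeem_behalf"
    account: str       # account whose position is borrowed against / redeemed
    actor: str         # address that sent the transaction (the delegate, if any)
    amount_usd: float = 0.0


# Constructed sample stream, not real chain data. 0xKnownBot is a delegate the user
# has used before for small actions; 0xNewDelegate is approved and drains the
# position within a handful of blocks, which is the sequence we want to catch.
SAMPLE_EVENTS = [
    Event(100, "delegate_approved", "0xVictim", "0xKnownBot"),
    Event(150, "borrow_behalf", "0xVictim", "0xKnownBot", 5_000),
    Event(200, "delegate_approved", "0xVictim", "0xNewDelegate"),
    Event(203, "borrow_behalf", "0xVictim", "0xNewDelegate", 4_000_000),
    Event(205, "redeem_behalf", "0xVictim", "0xNewDelegate", 8_000_000),
    Event(900, "borrow_behalf", "0xOther", "0xOther", 1_000),
]


def detect_delegation_drains(events, window_blocks=100, usd_threshold=1_000_000,
                             allowlisted=frozenset()):
    """Return one alert per (account, delegate) pair where a newly approved
    delegate moved at least usd_threshold on the account's behalf within
    window_blocks of the approval.

    allowlisted is a set of (account, delegate) pairs the account owner has
    confirmed out of band; approvals to those delegates are not scored.
    """
    by_account = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.block):
        by_account[ev.account].append(ev)

    alerts = []
    for account, evs in by_account.items():
        for i, approval in enumerate(evs):
            if approval.kind != "delegate_approved":
                continue
            if (account, approval.actor) in allowlisted:
                continue
            drained = 0.0
            last_block = approval.block
            # Only actions by the same delegate, in the window after the approval, count.
            for later in evs[i + 1:]:
                if later.block - approval.block > window_blocks:
                    break
                if later.actor == approval.actor and later.kind in ("borrow_behalf", "redeem_behalf"):
                    drained += later.amount_usd
                    last_block = later.block
            if drained >= usd_threshold:
                alerts.append({
                    "account": account,
                    "delegate": approval.actor,
                    "approved_at_block": approval.block,
                    "drained_usd": drained,
                    "blocks_elapsed": last_block - approval.block,
                    # Suggested responder action; the real playbook is protocol-specific.
                    "action": "pause-and-review",
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_delegation_drains(SAMPLE_EVENTS):
        print(alert)
```

The window and dollar threshold are the knobs a monitoring team tunes: a short window with a high threshold keeps the rule quiet for routine delegate use (the `0xKnownBot` activity above never fires) while still catching a drain that completes in a few blocks. Approvals the account owner has confirmed through another channel can be allowlisted so they are not scored at all.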
Kuan Sun’s thanks for the recovery efforts
Kuan Sun, the victim of the attack, expressed immense gratitude toward the teams involved in the recovery, calling it “a battle we actually won.” Sun commended the collaborative efforts of the various organizations that played a role in retrieving the stolen funds.
In addition to Venus, PeckShield, Binance, and SlowMist all played pivotal roles in identifying and recovering the stolen assets. Sun acknowledged SlowMist for its early analysis, which helped pinpoint the involvement of the Lazarus Group in the attack.
Lazarus Group behind the phishing attack
The phishing attack was linked to the notorious Lazarus Group, a North Korean-backed hacking collective. This group is infamous for its involvement in large-scale crypto heists, including the $600 million Ronin bridge exploit and the $1.5 billion Bybit hack.
SlowMist was quick to identify the Lazarus Group’s involvement in the attack. Sun praised SlowMist for being “among the very first to point out that Lazarus was behind this attack,” shedding light on the sophistication and high-level targeting of the phishing scheme.
What’s next for Venus Protocol
This successful recovery marks a significant win for Venus Protocol in demonstrating the strength of its security measures and its ability to respond swiftly to threats. The quick actions of the platform and its security partners helped mitigate what could have been a devastating loss for the victim and reinforced the importance of collaboration in the DeFi space.