Venus Protocol Recovers $13.5M in Phishing Attack

Decentralized finance (DeFi) lending platform Venus Protocol helped a user recover stolen crypto following a phishing attack tied to North Korea’s Lazarus Group.

On Thursday, Venus Protocol announced that it had helped a user recover $13.5 million in crypto after the phishing incident that occurred on Tuesday. At the time, Venus Protocol paused the platform as a precautionary measure and began investigating.

According to Venus, the pause halted further fund movement, while audits confirmed Venus’ smart contracts and front end were uncompromised.

Emergency vote enables fund recovery

An emergency governance vote allowed the forced liquidation of the attacker’s wallet, enabling stolen tokens to be seized and sent to a recovery address.

Source: Kuan Sun

Attackers exploited a malicious Zoom client

In the post-mortem, Venus revealed that the attackers used a malicious Zoom client to trick the victim into granting delegated control over the account.

This allowed the perpetrators to borrow and redeem on the victim’s behalf, enabling them to drain millions in stablecoins and wrapped assets.

The protocol’s security partners, HExagate and Hypernative, flagged the suspicious transaction within minutes, leading to the decision to pause the protocol. According to Venus, the recovery process unfolded in less than 12 hours.

Kuan Sun, who was identified as the victim of the attack, thanked the teams behind the recovery. “What could have been a total disaster turned into a battle we actually won, thanks to an incredible group of teams,” Sun wrote.

PeckShield, Binance, and SlowMist also assisted in the recovery.

Phishing attack linked to the Lazarus Group

SlowMist’s analysis linked the attack to the Lazarus Group, a North Korea-backed collective blamed for major crypto heists, including the $600M Ronin bridge exploit and the $1.5B Bybit hack.

Sun said SlowMist carried out extensive analysis work and was “among the very first to point out that Lazarus was behind this attack.”

The Lazarus Group is a North Korea-linked hacking collective believed to operate under the country’s intelligence agency.

Magazine: Astrology could make you a better crypto trader: It has been foretold

What's Hot

Vitalik Buterin admits his biggest design mistake since 2017

New post-quantum signatures are 40x larger, threatening to crush network throughput and user costs

Fundstrat’s Tom Lee sees Bitcoin and Ethereum price breakout after precious metals peak

Venus Protocol Recovers $13.5M in Phishing Attack

Ripple Executives Weigh Staking Addition For XRP Ledger

MSCI Review Puts Digital Asset Treasury Companies Under Pressure

XRP Price Slides 15% — Can Bitwise XRP ETF Stop The Drop

Bitcoin Sentiment Mixed as Traders Debate Prices From 70K to 130K

Solana Co-Founder Unveils Percolator To Rival Aster, Hyperliquid

EtherRock NFT Purchased For $300,000

PUMP Drops, ETH ETF Inflows Continue, And More

What's Hot

Venus Protocol Recovers $13.5M in Phishing Attack

Emergency vote enables fund recovery

Attackers exploited a malicious Zoom client

Phishing attack linked to the Lazarus Group

Related Posts