Researchers Neutralize Threat to Steal Over $10 Million from DeFi Protocols
Date: 2025-07-11 Author: Gabriel Deangelo Categories: BUSINESS
Venn Network specialists under the pseudonym Deeberiroz reported that the threat had gone undetected for several months and affected thousands of smart contracts. The problem lay in ERC-1967 proxy contracts, which the attacker was able to hijack even before they were fully configured. Venn Network co-founder Or Dadosh explained that the hacker injected malicious code during contract deployment, allowing him to secretly manage assets on an ongoing basis.
The vulnerability was discovered on July 8, after which a 36-hour operation began to neutralize the threat. Several teams participated in the rescue mission, including Pcaversaccio, Dedaub, and Seal 911. They acted covertly to avoid provoking the attacker and carefully assessed the risks for each affected contract, ensuring that the assets were protected.
Thanks to the coordinated work of specialists, several DeFi protocols managed to secure funds before the hacker could withdraw the money. In particular, the Berachain protocol was affected, the team temporarily stopped the vulnerable contract and transferred users' funds to a new, more secure one.
One of the Venn Network researchers, David Benchimol, suggested that the North Korean hacker group Lazarus Group could be behind the attack. He noted that the hacking method was very sophisticated and was used on all EVM-compatible networks. According to Benchimol, the attackers could have been waiting for larger-scale mining, which indicates the group is organized, but there is no direct evidence of Lazarus Group's involvement yet.
Earlier in June, BitMEX specialists identified vulnerabilities in Lazarus operational security, which confirms the high level of threat from this group.
Thus, timely detection and coordinated actions of security teams helped prevent a large-scale theft, protecting significant funds of DeFi protocol users from attackers.
