Venus Protocol, a renowned decentralized finance (DeFi) platform, has helped one of its users recover about $13.5 million. The DeFi platform confirmed the recovery on Thursday via a post on its official page on X.
According to the post, the user fell victim to a phishing attack allegedly carried out by the infamous North Korea-backed hackers, Lazarus Group. According to Venus Protocol, the attack took place on Tuesday.
The victim, Kuan Sun, also confirmed the attack and thanked the Venus Protocol team on his page on X for ensuring the recovery. While providing insight into the attack, the protocol said the bad actors used a malicious Zoom client to persuade Kuan Sun to give them delegated control of the account. This permission empowered the hackers to borrow and claim the funds on behalf of Sun.
The attackers then went on to drain the funds in stablecoins and some wrapped digital assets. The protocol’s security partners, Hexagate and Hypernative, raised the alarm about the malicious movement of funds in less than a few minutes.
The alert from the security partners prompted Venus to suspend all activities on its protocol. In less than 12 hours, the decentralized finance platform managed to reclaim the assets.
How Venus suspended all protocol activities
In reaction, the decentralized protocol took the precautionary measure of suspending all activities on its platform before commencing an investigation into the issue. Venus Protocol also audited its smart contracts and front-end to ensure that they remained intact.
Results from the audit established that the hackers did not penetrate beyond the affected user’s account.
Thereafter, Venus Protocol launched an emergency governance vote to force the hacker’s address into liquidation and eliminate access to the stolen funds. Through that, the protocol sent the assets to a recovery wallet.
The DeFi platform went on to state that key firms within the cryptocurrency industry, such as Binance, SlowMist, and PeckShield, all assisted in the recovery of the funds. According to the victim, SlowMist did a deep analysis and was one of the foremost firms to link the attack to the notorious Lazarus Group.
Over the years, the Lazarus Group has been lurking in the crypto space, targeting protocols, exchanges and wealthy cryptocurrency holders. The North Korean hacker group is linked to high-profile crypto hacks such as the $530 million Coincheck breach, the $600 million Ronin bridge exploit, and the $1.5 billion Bybit hack.