DeFi lending platform Venus Protocol recovered stolen crypto for a user after a phishing scam linked to North Korea’s Lazarus Group.
On Thursday, Venus Protocol announced it had helped a user recover $13.5 million in crypto following a phishing attack on Tuesday. Meanwhile, Venus Protocol paused the platform as a precaution while investigating.
Venus explained that the pause prevented any further fund transfers, and audits confirmed that its smart contracts and front-end were secure.
Emergency vote helps recover $13.5M
The community held an emergency vote to liquidate the attacker’s wallet. They recovered the stolen tokens and moved them to a recovery address.
In the post-mortem, Venus shared that the attackers used a fake Zoom app to trick the victim and gain access to the account. The attackers then borrowed and redeemed assets using the victim’s account, draining millions in stablecoins and wrapped assets.
The protocol’s security partners, Hexagate and Hypernative, flagged the suspicious transaction within minutes, prompting Venus to pause the platform. The team completed the recovery in under 12 hours. Kuan Sun, the victim of the attack, thanked the teams for their support. Sun said:
“What could have been a total disaster turned into a battle we actually won, thanks to an incredible group of teams.”
SlowMist links hack to Lazarus Group
SlowMist traced the attack to the Lazarus Group, a North Korean-backed hacker collective known for massive crypto thefts, including the $600M Ronin bridge exploit and the $1.5B Bybit hack.
Sun said SlowMist conducted a thorough investigation and was one of the first to identify Lazarus as being behind the attack. The Lazarus Group, a North Korea-linked hacking group, is believed to work under the country’s intelligence agency.