The decentralized finance (DeFi) lending platform Venus Protocol successfully assisted a user in recovering cryptocurrency stolen in a phishing attack linked to North Korea's Lazarus Group.
Venus Protocol announced on Thursday that it had helped a user recover $13.5 million in crypto assets stolen during a phishing incident on Tuesday. Following the incident, Venus Protocol took precautionary measures to suspend the platform and immediately launched an investigation.
Venus noted that the platform's measures effectively prevented further movement of the funds, while audit results confirmed that Venus's smart contracts and front-end interface were not compromised.
Through an emergency governance vote, the platform was authorized to forcibly liquidate the attacker's wallet, successfully seizing the stolen tokens and sending them to a recovery address.
In a post-incident analysis report, Venus revealed that the attacker used a malicious Zoom client to trick victims into granting delegated control over their accounts.
This allowed the criminals to conduct lending and redemption operations in the victims' names, thereby stealing millions of stablecoins and wrapped assets.
The protocol's security partners Hexagate and Hypernative flagged suspicious transactions just minutes after the incident occurred, after which the platform decided to suspend protocol operations. Venus stated that the entire fund recovery process was completed in less than 12 hours.
Kuan Sun, identified as a victim of the attack, expressed gratitude to the team involved in the recovery efforts. He noted, "With the help of an outstanding collective team, what could have been a complete disaster ultimately turned into a victorious battle."
PeckShield, Binance, and SlowMist also participated in assisting with the fund recovery efforts.
SlowMist's analysis linked this attack to the Lazarus Group, a North Korean-backed hacking organization accused of carrying out several major cryptocurrency thefts, including the $600 million Ronin Bridge attack and the $1.5 billion Bybit hack.
Sun stated that SlowMist conducted extensive analytical work and was "one of the first institutions to point out that the Lazarus Group was behind this attack."
The Lazarus Group is a hacker collective associated with North Korea, believed to operate under the direction of the country's intelligence agency.
Original article: “Venus Protocol successfully recovers $13.5 million stolen from user in phishing attack”