The decentralized finance platform Venus Protocol successfully aided a user in recovering funds stolen during a phishing attack associated with the North Korean Lazarus Group.
Recovery of Stolen Funds
On Thursday, Venus Protocol announced that it helped a user recover $13.5 million stolen during a phishing incident that occurred on Tuesday. At the time of the incident, Venus paused the platform as a precautionary measure and began an investigation. The pause halted further fund movement, while audits confirmed that Venus’ smart contracts and front end were uncompromised.
Circumstances of the Attack
An emergency governance vote allowed the forced liquidation of the attacker’s wallet, enabling stolen tokens to be seized and sent to a recovery address. The attack was carried out using a malicious Zoom client that tricked the victim into delegating control over their account. This allowed the perpetrators to borrow and redeem on the victim’s behalf, draining millions in stablecoins and wrapped assets.
Link to the Lazarus Group
Analysis by SlowMist linked the attack to the Lazarus Group, a North Korea-backed collective known for major crypto heists, including the $600 million Ronin bridge exploit and the $1.5 billion Bybit hack. The victim, Kuan Sun, thanked the teams behind the recovery efforts.
This incident highlights the importance of security in decentralized finance, of rapid response by teams when an attack occurs, and of thorough incident analysis.