Decentralized finance (DeFi) platform Venus Protocol has assisted its user, Kuan Sun, in recovering $13.5 million in cryptocurrency after a phishing attack reportedly linked to North Korea’s Lazarus Group.
Key points:
- Venus Protocol helped user Kuan Sun recover $13.5M in crypto after a phishing attack that exploited a malicious Zoom client.
- Security alerts from Hexagate and Hypernative led to a protocol pause and a coordinated recovery, completed in under 12 hours.
- Sun publicly thanked Venus Protocol and security partners, including Hexagate, Hypernative, PeckShield, and SlowMist, for their swift response.
According to an official statement on X from Venus Protocol, the victim reported that the attackers exploited a malicious Zoom client to gain control over their device. Using this access, the attackers tricked Sun into authorizing a transaction that designated them as a valid Venus delegate, allowing them to borrow and redeem funds from the victim’s account.
Approximately 20 minutes after the attack, security alerts from Hexagate and Hypernative were triggered, prompting Venus Protocol to pause operations. During this pause, a full security review of Venus’ front-end confirmed that it had not been compromised. To prevent the attacker from moving the victim’s funds, the platform proposed remedial measures to the community through a lightning vote, ensuring a coordinated response.
Venus Protocol reported that its team was able to investigate the incident, secure users, recover the stolen funds, and restore normal operations in under 12 hours.
Sun shared a “gratitude thread” on X following the recovery of their funds, praising Venus Protocol for its swift response and decisive actions to resolve the incident. They also acknowledged the support of Hexagate, Hypernative, and PeckShield for their role in identifying and addressing the attack.
“They were among the very first to detect the suspicious transaction and immediately reached out to Venus with critical advice: to pause the protocol. That early warning and decisive recommendation was what gave us the crucial window to respond before things got worse,” Sun wrote regarding Hexagate and Hypernative.
At the conclusion of the thread, Sun also expressed gratitude to blockchain security firm SlowMist for its assistance. “They carried out extensive analysis work and were among the very first to point out that Lazarus was behind this attack,” they wrote.

The Lazarus Group is a cybercriminal organization linked to North Korea, known for carrying out high-profile cyberattacks and financial heists targeting cryptocurrency platforms, banks, and companies worldwide. It is widely believed to operate under the direction of the country’s intelligence apparatus and is associated with sophisticated hacking techniques aimed at both political and financial objectives.
The incident shows how complex security challenges are becoming in decentralized finance and demonstrates the need for constant vigilance and swift action to protect digital assets.
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.