Security Researchers Avert $10 Million DeFi Catastrophe Linked to Suspected Lazarus Backdoor

A team of crypto security researchers has successfully averted a significant decentralised finance (DeFi) exploit, saving over $10 million in digital assets from a stealth backdoor vulnerability that had remained hidden for months. The complex exploit targeted thousands of smart contracts, prompting an emergency response led by the Venn Network.

On Thursday, Deeberiroz, a pseudonymous researcher at Venn Network, revealed the operation in a post on X, stating that the exploit had been silently lurking in the ecosystem, threatening numerous contracts. The vulnerability involved uninitialised ERC-1967 proxy contracts, which allowed the attacker to hijack them before their proper setup. This silent threat gave the malicious actor a long-standing backdoor that could be triggered at any moment.

Massive DeFi Vulnerability Uncovered
The flaw was discovered on Tuesday by Venn Network, initiating a rapid 36-hour response. The effort brought together key figures from the DeFi security space, including Pcaversaccio, Dedaub and Seal 911. The team moved quickly to analyse affected contracts and either secure the funds or transfer them to safer addresses.

Or Dadosh, co-founder and president of Venn Network, explained that the attacker used sophisticated techniques to front-run contract deployments, inserting malicious contract implementations in the process. “In the simplest terms, the attacker exploited certain deployments which allowed them to put a well-hidden back door in thousands of contracts,” Dadosh said. The exploit was so subtle that once a contract was initialised, the malicious access remained almost invisible.

36-Hour Rescue Operation Saves Crypto Funds
The coordinated effort was kept under tight secrecy to avoid alerting the attacker and give the developers a window to act. Thanks to their swift work, several DeFi protocols were able to recover hundreds of thousands in crypto before any damage could be done.

Source: Deeberiroz

Dadosh revealed that tens of millions of dollars were at potential risk and warned that, had the vulnerability remained undiscovered, the exploit could have expanded rapidly and threatened a much larger portion of the total value locked across various protocols. The backdoor allowed the attacker to lie in wait, with the potential to compromise assets at a much greater scale over time.

Thousands of Smart Contracts at Risk
This exploit affected contracts across all major EVM-compatible blockchains. Security researcher David Benchimol from Venn Network described the scale as “deployed on every EVM chain.” The researchers believe that the attacker was targeting a larger payoff, waiting to strike a major protocol at the right time.

The attack methodology involved injecting malicious code into smart contracts during their deployment phase, leaving a silent access point for later exploitation. Such a method indicates a high level of sophistication and planning, raising concerns about the actors behind it.
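For teams that deploy ERC-1967 proxies, one after-the-fact check is to compare each proxy's raw ERC-1967 storage slots with the addresses the deployer intended. The sketch below is an added example, not code from Venn Network or any affected project. It assumes a hypothetical deployment manifest and storage words already fetched with eth_getStorageAt, and all addresses in it are constructed.

```python
# Added example: offline audit of ERC-1967 proxy slots against a deployment manifest.
# Slot constants come from the ERC-1967 standard; every address below is constructed.
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"
ZERO_ADDR = "0x" + "00" * 20
EMPTY_WORD = "0x" + "00" * 32


def word_to_address(word):
    """Decode a 32-byte storage word (eth_getStorageAt output) into an address."""
    raw = bytes.fromhex(word[2:])
    if len(raw) != 32 or any(raw[:12]):
        raise ValueError("not a clean 32-byte address word: " + word)
    return "0x" + raw[12:].hex()


def audit_proxy(storage, expected):
    """Return (field, status, actual) for each slot the manifest has an expectation for."""
    findings = []
    for field, slot in (("implementation", IMPL_SLOT), ("admin", ADMIN_SLOT)):
        if field not in expected:
            continue  # deployer recorded no expectation for this slot
        actual = word_to_address(storage.get(slot, EMPTY_WORD))
        if actual == ZERO_ADDR:
            status = "UNSET"      # proxy not set up yet: a third party could do it first
        elif actual != expected[field].lower():
            status = "MISMATCH"   # an address the deployer did not choose
        else:
            status = "OK"
        findings.append((field, status, actual))
    return findings


def pad(addr):
    """Build a constructed 32-byte storage word holding addr."""
    return "0x" + "00" * 12 + addr[2:]


# Constructed sample data: intended addresses and three storage snapshots.
GOOD_IMPL, GOOD_ADMIN, ROGUE = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "ee" * 20
MANIFEST = {"implementation": GOOD_IMPL, "admin": GOOD_ADMIN}
SNAPSHOTS = {
    "proxy_ok": {IMPL_SLOT: pad(GOOD_IMPL), ADMIN_SLOT: pad(GOOD_ADMIN)},
    "proxy_unset": {},
    "proxy_hijacked": {IMPL_SLOT: pad(ROGUE), ADMIN_SLOT: pad(GOOD_ADMIN)},
}

if __name__ == "__main__":
    for name, storage in SNAPSHOTS.items():
        print(name, audit_proxy(storage, MANIFEST))
```

A match on these slots only shows that the slots hold the expected addresses; it does not by itself establish that a proxy was initialised by its rightful deployer.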

Berachain Takes Emergency Action
One of the affected projects, Berachain, responded swiftly by pausing its vulnerable incentive claim contract and migrating the funds to a new, secure version. The Berachain Foundation announced that no user funds had been compromised. “Incentives will be claimable again within the next 24 hours as merkles for distribution are recreated,” the foundation assured users on X.

Lazarus Group Suspected but Not Confirmed
Suspicion has fallen on the notorious North Korean state-sponsored hacking group Lazarus. Benchimol noted that the complexity and scale of the operation suggested it could be the work of a highly organised group. “The attack vector was very sophisticated and deployed on every EVM chain,” he said, though he also stressed that there is currently no confirmation linking the exploit directly to Lazarus.

While attribution remains unconfirmed, the incident highlights the growing risks and vulnerabilities in the rapidly evolving DeFi ecosystem. Experts have praised the efforts of the security researchers for averting what could have been a far more damaging event, potentially affecting billions in assets.
