Venn Network Uncovers and Shuts $10M DeFi Backdoor

The post Venn Network Uncovers and Shuts $10M DeFi Backdoor appeared on BitcoinEthereumNews.com.

Crypto security researchers uncovered and neutralized a critical threat affecting thousands of smart contracts, potentially preventing more than $10 million in crypto from being stolen.

On Thursday, pseudonymous Venn Network researcher Deeberiroz shared in an X post that a backdoor exploit had been silently threatening the ecosystem for months. The researcher said the exploit targeted uninitialized ERC-1967 proxy contracts, allowing attackers to hijack the contracts before they had been properly set up.

Venn Network discovered the vulnerability on Tuesday, triggering a 36-hour rescue operation involving several developers, including security researchers Pcaversaccio, Dedaub and Seal 911, who worked together to evaluate affected contracts and move or secure vulnerable funds.

Attackers injected malicious contract implementations

Or Dadosh, co-founder and president of Venn Network, told Cointelegraph that the attacker front-ran contract deployments and injected malicious implementations.

“In the simplest terms, the attacker exploited certain deployments which allowed them to put a well-hidden back door in thousands of contracts,” Dadosh told Cointelegraph, adding that the attacker could have taken over vulnerable contracts at any point.

Following the attack, the hacker had an undetected, unremovable backdoor for months. Once the contract was initialized, it made malicious activity nearly invisible.

The security researchers outmaneuvered the attackers by keeping the vulnerability under wraps during the operation, which led to a successful rescue.

Deeberiroz said several decentralized finance (DeFi) protocols were able to secure at-risk crypto during the operation, acting before the attackers could siphon the assets.

“We found tens of millions of dollars potentially at risk,” Dadosh said. “But even scarier is if this could have kept growing, and a larger portion of the overall TVL [total value locked] held by the protocols involved could have been threatened.”

Berachain pauses contract, Lazarus suspected

The affected protocols included Berachain, whose team responded by pausing the affected…
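
A defensive check for the condition described above, as an added example that is not from the article or from Venn Network: it audits a snapshot of each proxy's ERC-1967 implementation slot and its decoded `Upgraded` events against the implementations and deployer a team expects. The record layout, field names and all addresses are assumptions constructed for illustration; only the storage slot constant comes from the ERC-1967 standard.

```python
# Standard EIP-1967 slot: keccak256("eip1967.proxy.implementation") - 1
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ZERO = "0x" + "00" * 20

def slot_to_address(word):
    """Low 20 bytes of a 32-byte storage word given as a hex string."""
    return "0x" + word[2:].rjust(64, "0")[-40:].lower()

def audit_proxy(proxy, allowlist, deployer):
    """Return findings for one proxy record (storage snapshot + decoded events)."""
    trusted = {a.lower() for a in allowlist}
    findings = []
    current = slot_to_address(proxy["storage"].get(IMPL_SLOT, "0x0"))
    if current == ZERO:
        findings.append("uninitialized: implementation slot is empty")
    elif current not in trusted:
        findings.append("current implementation not in allowlist: " + current)
    for ev in proxy["events"]:  # assumed sorted by block number
        if ev["name"] != "Upgraded":
            continue
        if ev["implementation"].lower() not in trusted:
            findings.append("block %d: Upgraded to unlisted implementation" % ev["block"])
        if ev["tx_from"].lower() != deployer.lower():
            findings.append("block %d: Upgraded sent by non-deployer" % ev["block"])
    return findings

# Constructed sample data (addresses are placeholders, not from the incident).
DEPLOYER = "0x" + "d1" * 20
GOOD_IMPL = "0x" + "a1" * 20
ROGUE_IMPL = "0x" + "bb" * 20
OTHER_EOA = "0x" + "e9" * 20

def word(addr):  # left-pad an address to a 32-byte storage word
    return "0x" + addr[2:].rjust(64, "0")

def upgraded(block, impl, sender):
    return {"name": "Upgraded", "block": block, "implementation": impl, "tx_from": sender}

SAMPLES = {
    "clean": {"storage": {IMPL_SLOT: word(GOOD_IMPL)},
              "events": [upgraded(100, GOOD_IMPL, DEPLOYER)]},
    "front_run": {"storage": {IMPL_SLOT: word(ROGUE_IMPL)},
                  "events": [upgraded(200, ROGUE_IMPL, OTHER_EOA)]},
    "uninitialized": {"storage": {}, "events": []},
}

def audit_all():
    return {name: audit_proxy(p, [GOOD_IMPL], DEPLOYER) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings or "ok")
```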

Jul 11, 2025 - 08:00
