Significant Vulnerability Neutralized in DeFi Space
In a significant development for the decentralized finance (DeFi) space, security experts have neutralized a serious vulnerability that threatened to siphon off over $10 million in cryptocurrency from numerous smart contracts. The issue was highlighted by researcher Deeberiroz from Venn Network, who disclosed on X that a backdoor exploit had been jeopardizing the DeFi ecosystem for an extended period, targeting unconfigured ERC-1967 proxy contracts before they were fully established.
Collaborative Efforts to Address the Vulnerability
The vulnerability was first identified on Tuesday, prompting a swift, 36-hour collaborative effort among various developers and security specialists, including Pcaversaccio, Dedaub, and Seal 911. They worked diligently to assess the exposure of affected contracts, relocate insecure funds, and avert a potential theft.
Details of the Exploit
According to Dadosh, co-founder and president of Venn Network, the attackers managed to get into contract deployments ahead of time, embedding malicious implementation code unnoticed. “The intruder took advantage of specific implementations, effectively installing a covert backdoor across thousands of contracts,” Dadosh said. This backdoor rendered illicit activities nearly undetectable following the initialization of those contracts.
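A defender-side check for the situation described above, added here as an example that is not from the article or from Venn Network: it decodes a proxy's raw ERC-1967 implementation and admin slots and compares them with the addresses the deployer intended. The two slot constants come from the ERC-1967 standard; the function names, addresses and slot words are constructed for illustration, and the JSON-RPC transport is left out so the block runs offline.

```python
import json

# Storage slots fixed by ERC-1967: keccak256("eip1967.proxy.<name>") - 1.
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"
ZERO = "0x" + "0" * 40

def storage_request(proxy, slot, req_id=1):
    """JSON-RPC body that reads one raw storage slot of the proxy."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id,
                       "method": "eth_getStorageAt",
                       "params": [proxy, slot, "latest"]})

def slot_to_address(word):
    """Decode a 32-byte storage word into a lower-case address."""
    raw = word.lower()
    raw = (raw[2:] if raw.startswith("0x") else raw).rjust(64, "0")
    # The upper 12 bytes must be zero for the word to be a plain address.
    if len(raw) != 64 or int(raw, 16) >> 160:
        raise ValueError(f"slot does not hold a plain address: {word}")
    return "0x" + raw[24:]

def audit_proxy(expected, observed):
    """Compare observed slot words with the deployer's expected addresses."""
    findings = []
    for name in ("implementation", "admin"):
        got = slot_to_address(observed[name])
        want = expected[name].lower()
        if got == ZERO:
            findings.append(f"{name}: slot empty, proxy not configured yet")
        elif got != want:
            findings.append(f"{name}: {got} set, expected {want}")
    return findings

# Constructed sample data: every address and slot word below is made up.
EXPECTED = {"implementation": "0x" + "11" * 20, "admin": "0x" + "22" * 20}
CLEAN = {"implementation": "0x" + "00" * 12 + "11" * 20,
         "admin": "0x" + "00" * 12 + "22" * 20}
TAMPERED = dict(CLEAN, implementation="0x" + "00" * 12 + "ee" * 20)
UNCONFIGURED = {"implementation": "0x" + "00" * 32, "admin": "0x0"}

if __name__ == "__main__":
    print(storage_request("0x" + "aa" * 20, IMPL_SLOT))
    for label, words in [("clean", CLEAN), ("tampered", TAMPERED),
                         ("unconfigured", UNCONFIGURED)]:
        print(label, audit_proxy(EXPECTED, words) or "ok")
```

Running the comparison in the same deployment step that creates the proxy, and again before funds are moved in, shows whether a slot holds an address the team did not set.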
Impact on DeFi Protocols
Deeberiroz noted that numerous DeFi protocols safeguarded several hundred thousand dollars during this operation, just in time to counter the intruders. He expressed concern about the vast potential risk, indicating that “tens of millions of dollars” were at stake, with the possibility that the vulnerabilities could expand to affect a larger share of the total value locked (TVL) in the protocols implicated.
Response from Affected Protocols
Amid these developments, Berachain, one of the protocols impacted, acted promptly to mitigate risks by halting its incentive claim contract. The Berachain Foundation reassured the community via X that no user funds had been compromised or lost, stating that they would transfer assets to a new contract and that reward claims would resume in less than a day, after the distribution Merkle trees had been recreated.
Speculations on the Attackers
David Benchimol, another researcher from Venn Network, speculated that the notorious North Korean hacking group Lazarus might be behind this sophisticated operation, which targeted multiple Ethereum Virtual Machine (EVM) chains. He observed that the attackers seemed to be biding their time for a more lucrative opportunity before executing their plan, lending credence to the idea of an organized group behind the maneuver. However, he maintained that there is no definitive evidence linking Lazarus to this specific incident.