Crypto Researchers Neutralize $10 Million Threat to Smart Contracts

Crypto security researchers recently uncovered and neutralized a significant threat that had been silently compromising thousands of smart contracts, potentially preventing over $10 million in cryptocurrency from being stolen. The vulnerability, discovered on Tuesday, involved a backdoor exploit targeting uninitialized ERC-1967 proxy contracts. This exploit allowed attackers to hijack contracts before they were properly set up, injecting malicious implementations that could have been activated at any time.

The discovery was made by Venn Network, a group of pseudonymous researchers. Deeberiroz, a researcher from Venn Network, shared the findings on X, detailing how the exploit had been threatening the ecosystem for months. The attack was sophisticated, with attackers front-running contract deployments and embedding hidden backdoors in thousands of contracts. Once the contract was initialized, the malicious activity became nearly invisible, making it extremely difficult to detect.

The rescue operation, which lasted 36 hours, involved several developers and security researchers, including Pcaversaccio, Dedaub, and Seal 911. These experts worked together to evaluate affected contracts and secure vulnerable funds. The operation was successful in part because the vulnerability was kept under wraps, preventing the attackers from exploiting it further.

Or Dadosh, co-founder and president of Venn Network, highlighted the severity of the threat. He noted that the attacker had an undetected, unremovable backdoor for months, which could have allowed them to take over vulnerable contracts at any point. The potential impact was significant, with tens of millions of dollars at risk. Dadosh emphasized that if the exploit had continued to grow, a larger portion of the total value locked (TVL) held by the affected protocols could have been threatened.

Several decentralized finance (DeFi) protocols were able to secure hundreds of thousands in crypto during the operation, acting in time before the attackers could siphon the assets. One of the affected protocols, Berachain, responded by pausing the affected contract. The Berachain Foundation recognized the potential vulnerability and paused its incentive claim contract, transferring its funds to a new contract. The foundation assured users that no funds were at risk or lost and that incentives would be claimable again within the next 24 hours.

David Benchimol, a security researcher from Venn Network, suspects that the infamous North Korean hacking group, Lazarus, may have been involved in the attack. Benchimol noted that the attack vector was very sophisticated and deployed on every Ethereum Virtual Machine (EVM) chain. The researcher also pointed out that the attacker was waiting for a bigger target before performing an attack, making it more likely to be from an organized group. However, there is no confirmation that Lazarus was involved in the attack.

The successful neutralization of this backdoor exploit underscores the importance of vigilant security measures in the DeFi ecosystem. The coordinated efforts of researchers and developers played a crucial role in mitigating the potential loss of millions of dollars in crypto assets. As the DeFi landscape continues to evolve, such proactive measures will be essential in safeguarding the integrity and security of smart contracts.