The smart contracts had been compromised for several months.
Thousands of smart contracts with over $10 million in funds were discovered to have been compromised with a backdoor in a suspected attack by the North Korean hacking collective Lazarus Group.
According to Cybernews, Venn Network researcher Deebeez discovered that the smart contracts had been compromised for several months.
Most of the funds have been recovered following efforts after a 36-hour effort conducted alongside Dedaub and SEAL 911 team researchers, said Deebeez, who noted that threat actors' exploitation of uninitialized ERC1967Proxy contracts enabled not only malicious implementations, but also the impersonation of Etherscan UI.
"Some protocols reconfigured contracts, others upgraded to withdraw $100Ks safely. We secured major DeFi protocols and bridges before the hacker acted," Deebeez added.
Further analysis by Artem Chystiakov revealed the attack to involve proxy contract injection as a nefarious implementation prior to the retrieval of the actual implementation.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
