Crypto security researchers are uncovered and neutralized a critical threat that affects thousands of smart contracts, which potentially prevent more than $ 10 million in crypto from stolen.
On Thursday, Pseudonymous Venn Network Researcher Deeriroz shared In an X post that a backdoor exploitation has quietly threatened the ecosystem for months. The researcher said the exploitation was targeted by the ERC-1967 proxy contracts, allowing them to hijack the contracts before they were properly set up.
The Venn Network discovered the weakness on Tuesday, triggering a 36-hour rescue operation involving some developers, including security researchers Pcaversaccio, DedAub and SEAL 911, who worked together to evaluate affected contracts and move or secure weak funds.
Attacks have been impressed by malicious contract implementation
Or Dadosh, co-founder and president of the Venn Network, said Cointelegraph said the front-ran of the attack and injection of malicious implementation.
“In the simplest terms, the attacker took advantage of some deployment that allowed them to place a well-hidden back door to thousands of contracts,” Dadosh told Cointelegraph, adding that the attack could take weak contracts at any point.
Following the attack, the hacker had an unspecified, irreplaceable backdoor for months. When the contract is started, it creates a malicious activity that is almost invisible.
Security researchers exceeded the attacks by maintaining weakness under the wrapped during surgery, which led to a successful rescue.
Deeriroz said that many decentralized finance (DEFI) decentralized protocols have been securing a hundred -thousands of crypto during operation, working on the time before the attacks are able to sue the owners.
“We found ten -ten million dollars of potential at risk,” Dadosh said. “But even scary is if it could continue to grow, and a greater part of the general TVL (total amount locked) held by the protocols involved could be threatened.”
Berachain stopped the contract, allegedly Lazarus
The affected protocols include Berachain, whose team responds by pauseing the affected contract. On Thursday, the Berachain Foundation recognized The potential weakness and the incentive contract contracts and moved its funds to a new contract.
“There are no user funds at risk, or lost,” the Berachain Foundation wrote to X. “The incentives will be re -claimed within the next 24 hours as the Merdles for distribution will be recreated.”
Related: Brazil’s Central Bank Service Provider is that -hack, $ 140m stolen
Venn Network Security Researcher David Benchimol suspects North Korea’s deadly hacking team, Lazarus, is involved in attacking. Benchimol told Cointelegraph that “Vector attacks are very sophisticated and deployed in every EVM chain.”
The researcher also noted that the attack was waiting for a larger target before conducting an attack, making it more likely from an organized group. Despite this, Benchimol told Cointelegraph that there was no confirmation that Lazarus was involved in attacking.
https://www.youtube.com/watch?v=ndv0rFehetq
Magazine: Coinbase Hack shows the law probably won’t protect you – here’s why
