Security Experts Thwart $10M Crypto Backdoor in Widespread Smart Contract Exploit

Time: 2025-07-11 04:45:44   Keywords: DeFi security, smart contract vulnerability, Lazarus Group, crypto hacking, bloc

Massive DeFi Threat Neutralized

Cybersecurity specialists have successfully intercepted a sophisticated attack targeting thousands of decentralized finance protocols, potentially preventing the theft of over $10 million in digital assets. The attack exploited uninitialized ERC-1967 proxy contracts, creating hidden backdoors that could have enabled complete contract takeover.

36-Hour Rescue Operation

The Venn Network research team discovered the critical flaw on Tuesday, triggering an emergency response involving multiple security firms. Pseudonymous researcher Deeberiroz revealed the exploit allowed attackers to hijack contracts before proper configuration. "This represents one of the most sophisticated DeFi threats we've encountered," noted Or Dadosh of Venn Network.

Attack Methodology

The malicious actors employed a novel strategy of injecting harmful implementations during contract deployment. Security logs show the attackers maintained undetectable access for months, waiting to strike high-value targets. The operation's scale and complexity have led investigators to suspect involvement by the North Korean Lazarus Group.

Industry-Wide Impact

Several major protocols, including Berachain, took immediate action upon notification, with Berachain pausing and migrating its incentive claim contract. "No user funds were compromised," the Berachain team confirmed, though the incident highlights growing risks in the $78 billion DeFi ecosystem.

Security Lessons

The successful neutralization demonstrates the importance of collaborative security efforts in Web3. Researchers emphasize that contract initialization procedures require enhanced scrutiny, particularly for proxy implementations. As blockchain adoption grows, such coordinated responses will become increasingly critical to maintaining ecosystem trust.
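
An added example (not from the article or from Venn Network) of one way to apply that scrutiny: audit a proxy's ERC-1967 implementation slot and its `Upgraded` event history against an allowlist, and flag deployments that were not initialized in the same transaction. The snapshot layout, the allowlist, and all addresses and transaction ids are assumptions constructed for illustration; only the slot constant and the `Upgraded` event come from ERC-1967.

```python
# ERC-1967 implementation slot: keccak256("eip1967.proxy.implementation") - 1
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ZERO = "0x" + "0" * 40

def slot_to_address(word: str) -> str:
    """An address occupies the low 20 bytes of the 32-byte storage word."""
    return "0x" + word[2:].rjust(64, "0")[-40:].lower()

def audit_proxy(snap: dict, allowlist: set) -> list:
    """Return findings for one proxy snapshot (an empty list means clean)."""
    allowed = {a.lower() for a in allowlist}
    findings = []
    current = slot_to_address(snap["storage"].get(IMPL_SLOT, "0x0"))
    if current == ZERO:
        findings.append("implementation slot is empty")
    elif current not in allowed:
        findings.append("current implementation not in allowlist: " + current)
    # The current slot can look correct while the Upgraded history
    # still records an implementation the team never deployed.
    for ev in snap["upgraded_events"]:
        impl = ev["implementation"].lower()
        if impl not in allowed:
            findings.append(f"foreign implementation {impl} set in block {ev['block']}")
    if snap["init_tx"] is None:
        findings.append("no initialization transaction recorded")
    elif snap["init_tx"] != snap["deploy_tx"]:
        findings.append("initialized in a separate transaction from deployment")
    return findings

# Constructed sample data: placeholder addresses and transaction ids.
GOOD, ROGUE = "0x" + "aa" * 20, "0x" + "bb" * 20

def word(addr: str) -> str:
    """Left-pad an address to a 32-byte storage word."""
    return "0x" + addr[2:].rjust(64, "0")

SNAPSHOTS = {
    "atomic": {"storage": {IMPL_SLOT: word(GOOD)}, "deploy_tx": "tx1", "init_tx": "tx1",
               "upgraded_events": [{"block": 100, "implementation": GOOD}]},
    "front_run": {"storage": {IMPL_SLOT: word(GOOD)}, "deploy_tx": "tx2", "init_tx": "tx4",
                  "upgraded_events": [{"block": 200, "implementation": GOOD},
                                      {"block": 201, "implementation": ROGUE},
                                      {"block": 205, "implementation": GOOD}]},
    "pending": {"storage": {IMPL_SLOT: word(GOOD)}, "deploy_tx": "tx5", "init_tx": None,
                "upgraded_events": [{"block": 300, "implementation": GOOD}]},
}

if __name__ == "__main__":
    for name, snap in SNAPSHOTS.items():
        print(name, audit_proxy(snap, {GOOD}) or "clean")
```

The `front_run` snapshot passes a check of the current slot alone; only the event history and the deploy/initialize transaction comparison expose it.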