Decentralized finance (DeFi) platform Venus Protocol has assisted its user, Kuan Sun, in recovering $13.5 million in cryptocurrency after a phishing attack reportedly linked to North Korea’s Lazarus Group.
According to an official statement on X from Venus Protocol, the victim reported that the attackers used a malicious Zoom client to gain control over their device. With this access, the attackers tricked Sun into authorizing a transaction that designated them as a valid Venus delegate, which allowed them to borrow and redeem funds from the victim’s account.
Approximately 20 minutes after the attack, security alerts from Hexagate and Hypernative were triggered, prompting Venus Protocol to pause operations. During this pause, a full security review of Venus’ front-end confirmed that it had not been compromised.
To prevent the attacker from moving the victim’s funds, the platform proposed remedial measures to the community through a lightning vote, ensuring a coordinated response.
Venus Protocol reported that its team was able to investigate the incident, secure users, recover the stolen funds, and restore normal operations in under 12 hours.
Sun shared a “gratitude thread” on X following the recovery of their funds, praising Venus Protocol for its swift response and decisive actions to resolve the incident. They also acknowledged the support of Hexagate, Hypernative, and PeckShield for their role in identifying and addressing the attack.
“They were among the very first to detect the suspicious transaction and immediately reached out to Venus with critical advice: to pause the protocol. That early warning and decisive recommendation was what gave us the crucial window to respond before things got worse,” Sun wrote regarding Hexagate and Hypernative.
At the end of the thread, Sun also expressed gratitude to blockchain security firm SlowMist for its assistance. “They carried out extensive analysis work and were among the very first to point out that Lazarus was behind this attack,” Sun wrote.
The Lazarus Group is a cybercriminal organization linked to North Korea, known for carrying out high-profile cyberattacks and financial heists targeting cryptocurrency platforms, banks, and companies worldwide. It is widely believed to operate under the direction of the country’s intelligence apparatus and is associated with sophisticated hacking techniques aimed at both political and financial objectives.
The incident shows how complex security challenges are becoming in decentralized finance and demonstrates the need for constant vigilance and swift action to protect digital assets.