Researchers foil $10M DeFi backdoor in thousands of smart contracts

The Venn Network team suspects the threat was linked to the North Korean Lazarus Group, citing its complexity and widespread deployment.

Crypto security researchers uncovered and neutralized a critical threat affecting thousands of smart contracts, potentially preventing more than $10 million in crypto from being stolen.

On Thursday, pseudonymous Venn Network researcher Deeberiroz shared in an X post that a backdoor exploit had been silently threatening the ecosystem for months. The researcher said the exploit targeted uninitialized ERC-1967 proxy contracts, allowing them to hijack the contracts before they had been properly set up.

Venn Network discovered the vulnerability on Tuesday, triggering a 36-hour rescue operation involving several developers, including security researchers Pcaversaccio, Dedaub and Seal 911, who worked together to evaluate affected contracts and move or secure vulnerable funds.