On September 4, Venus Protocol successfully returned $13.5 million in cryptocurrency to a user whose wallet had been compromised in a phishing scheme linked to North Korea’s Lazarus Group.
The attack took place on September 2 and involved the use of a tampered Zoom application. After the victim unknowingly installed it, they were tricked into handing over control of their wallet.
After the transactions began, two of Venus Protocol’s security partners, Hypernative and Hexagate, flagged the unusual activity. Their early warning allowed the platform to temporarily pause operations.
Venus Protocol then checked its systems to make sure the issue did not come from within. The investigation confirmed that neither the protocol’s smart contracts nor its user interface had been altered or compromised.
To recover the stolen funds, Venus Protocol held an emergency governance vote. The outcome approved a forced liquidation of the attacker’s wallet. This action allowed the platform to seize the stolen tokens and move them to a secure recovery wallet.
According to Venus, the full recovery, from detecting the suspicious behavior to transferring the funds, was completed in under 12 hours.
Kuan Sun, the victim of the phishing attack, later thanked the teams involved and said the outcome was a win in a situation that could have ended much worse.