Security experts have thwarted the theft of over $10 million in cryptocurrency. They identified and rectified a critical vulnerability affecting “thousands of smart contracts.”
We @VennBuild just discovered a critical backdoor on thousands of smart contracts leaving over $10,000,000 at risk for months
Along with the help of security researchers @dedaub @pcaversaccio, the seals team @seal_911 and others, we managed to rescue the majority of funds…
— deebeez (@deeberiroz) July 9, 2025
Venn Network researcher Deeberiroz reported that the breach had been covertly threatening the ecosystem for several months. A vulnerability in ERC-1967 proxy contracts allowed attackers to seize control before full configuration.
Venn Network co-founder Or Dadosh explained that the hacker embedded malicious code during contract deployment, granting hidden and persistent access to asset management.
Venn Network discovered the vulnerability on July 8, triggering a 36-hour rescue operation involving several teams, including Pcaversaccio, Dedaub, and Seal 911. They worked discreetly to avoid alerting the hacker. Experts assessed the affected contracts and secured the vulnerable funds.
Thanks to the operation’s secrecy, several DeFi protocols managed to protect assets before the attacker could withdraw them.
“We found that tens of millions of dollars were at risk. It is alarming that the damage could have escalated, affecting a significant portion of the funds locked in protocols,” said Dadosh.
One of the affected protocols was Berachain.
Bm beras,
Earlier today, a potential vulnerability in the PoL Incentive Claim contract was identified.
In response, incentive claims and the contract were paused, funds were withdrawn from the contract, and will be migrated into the new one shortly.
✅ No user funds are at…
— Berachain Foundation ?⛓ (@berachain) July 9, 2025
The team paused the vulnerable contract and transferred the funds to a new one. Project representatives confirmed that user funds were not affected.
Venn Network researcher David Benchimol suggested that the North Korean hacker group Lazarus Group might be behind the attack. He noted that the attack vector was highly complex and employed across all EVM-compatible networks.
He also remarked that the attacker was waiting for a larger target, indicating an organized group. Benchimol emphasized that there is no direct evidence linking North Korean hackers to the incident.
Back in June, BitMEX revealed operational security vulnerabilities of Lazarus.