On July 10, 2025, Venn Network researcher Deeberiroz revealed on X a critical backdoor exploit endangering thousands of smart contracts, risking over $10 million in crypto assets. The vulnerability, lurking for months, targeted uninitialized ERC-1967 proxy contracts, allowing attackers to hijack them before proper setup.
Discovered on Tuesday, the threat sparked a 36-hour effort by Venn Network, alongside security experts Pcaversaccio, Dedaub, and Seal 911. They assessed affected contracts and secured vulnerable funds, outmaneuvering attackers by keeping the operation secret. Or Dadosh, Venn Network’s co-founder, explained to Cointelegraph that attackers exploited deployments to inject hidden backdoors, granting them undetectable control over contracts post-initialization.
Among the affected protocols, Berachain paused its incentive claim contract and moved funds to a secure contract, ensuring no user losses. The Berachain Foundation announced on X that incentives would resume within 24 hours. Venn researcher David Benchimol suggested the sophisticated attack, deployed across all EVM chains, bore hallmarks of the North Korean Lazarus Group, though no confirmation exists.
The operation saved hundreds of thousands in crypto, with potential losses estimated in the tens of millions. Dadosh warned that, left unchecked, the exploit could have threatened a larger share of DeFi’s total value locked. The incident underscores the need for rigorous smart contract audits and proactive security measures.
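One proactive check a team can run against its own ERC-1967 proxies is to read the standard storage slots and compare them with the implementation it actually deployed. The sketch below is an added example, not code from Venn Network or any affected project. The slot constants come from EIP-1967, while the addresses, the `read_slot` callback and the sample storage are constructed, and it assumes the team knows its expected implementation and admin addresses.

```python
# Added example: offline audit of ERC-1967 proxy storage slots.
# Slot constants are defined by EIP-1967; every address below is constructed.
IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b0e8ce13a5a10f0d6c7468fffd
ZERO = "0x" + "00" * 20

def slot_to_address(word: bytes) -> str:
    """An address occupies the low 20 bytes of a 32-byte storage word."""
    if len(word) != 32 or any(word[:12]):
        raise ValueError("not a 32-byte word holding a plain address")
    return "0x" + word[12:].hex()

def audit_proxy(read_slot, proxy, expected_impl, expected_admin=None):
    """Return findings for one proxy. read_slot(proxy, slot) -> 32 bytes;
    on a live chain it would wrap the eth_getStorageAt JSON-RPC call."""
    findings = []
    impl = slot_to_address(read_slot(proxy, IMPL_SLOT))
    if impl == ZERO:
        findings.append("implementation slot empty: proxy is uninitialized")
    elif impl != expected_impl.lower():
        findings.append(f"implementation is {impl}, expected {expected_impl.lower()}")
    if expected_admin is not None:
        admin = slot_to_address(read_slot(proxy, ADMIN_SLOT))
        if admin != expected_admin.lower():
            findings.append(f"admin is {admin}, expected {expected_admin.lower()}")
    return findings

# Constructed sample data: three proxies and the storage an RPC node would return.
def word(addr: str) -> bytes:
    return bytes(12) + bytes.fromhex(addr[2:])

GOOD_IMPL, ROGUE_IMPL, ADMIN = ("0x" + b * 20 for b in ("11", "66", "aa"))
P_OK, P_HIJACKED, P_EMPTY = ("0x" + b * 20 for b in ("a1", "a2", "a3"))
STORAGE = {
    (P_OK, IMPL_SLOT): word(GOOD_IMPL), (P_OK, ADMIN_SLOT): word(ADMIN),
    (P_HIJACKED, IMPL_SLOT): word(ROGUE_IMPL), (P_HIJACKED, ADMIN_SLOT): word(ADMIN),
}

def read_constructed(proxy, slot):
    # Unset storage reads as 32 zero bytes, as it does on chain.
    return STORAGE.get((proxy, slot), bytes(32))

def run_audit():
    return {p: audit_proxy(read_constructed, p, GOOD_IMPL, ADMIN)
            for p in (P_OK, P_HIJACKED, P_EMPTY)}

if __name__ == "__main__":
    for proxy, findings in run_audit().items():
        print(proxy, findings or "ok")
```

A matching slot only shows that the proxy points at the expected implementation now; the implementation's own initialization state still needs a separate review.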