SlowMist Founder: Malicious Wallet Extension Behind Venus User Asset Theft

An analysis by security firm SlowMist reveals the theft was due to a compromised wallet extension that altered a user's intended transaction, not a flaw in the Venus protocol itself.

Summary

According to security firm SlowMist, a recent asset theft from a Venus protocol user resulted from a compromised wallet extension, not a protocol vulnerability. The analysis indicates that the attacker replaced the victim's extension, which was used with a hardware wallet, and that the replacement maliciously switched a 'redeem' operation to an 'updateDelegate' operation, enabling the theft. Tracing efforts have partially linked the stolen funds to Monero (XMR) and a sanctioned darknet exchange.

Terms & Concepts
  • Venus Protocol: A decentralized finance (DeFi) protocol that enables algorithm-based lending and borrowing of digital assets on the BNB Chain.
  • Monero (XMR): A privacy-focused cryptocurrency that uses advanced cryptography to obscure sender, receiver, and transaction amount details.
  • Wallet Extension: A browser plugin that functions as a cryptocurrency wallet, allowing users to interact with decentralized applications (dApps) and manage their assets.