Defi Lending Platform Venus Protocol recovered the user fund in a prompt response following a security incident on September 2, 2025.
The loss initially reported as $27 million in Peckhield’s report was later adjusted to $13.5 million after the user’s debt position was taken into account.
According to Venus, the user’s wallet was compromised in a phishing attack. It turns out that the attacker installed a malicious Zoom client on the user’s computer, obtained authorization, and suppressed the user to approve transactions that would make the user an authorized representative of the Venus account. Using this method, the attacker made loans and withdrawals on behalf of the victim.
Just 20 minutes after a suspicious transaction was detected by security companies’ hexagons and exaggeration, the Venus team paused the protocol. After about 13 hours of work, the stolen funds were collected and the platform was running at full capacity.
Venus has implemented an “emergency voting” mechanism to protect users throughout the process. Partial activity began within the first five hours, and the attacker’s wallet was forced to be settled within seven hours. A comprehensive security review was completed within 24 hours.
The company claimed that there were no security vulnerabilities in the platform’s front-end and that the Venus protocol is completely secure. He also said that measures have been taken to prevent user liquidation during the suspension and that no liquidation occurred in the BNB core pool during this period.
Venus Protocol has issued the following statement following the incident:
Fund security is our number one priority. This attack was caused by malware installed on the user’s device, not by protocols. Thanks to quick action, both user funds were recovered and the security of the entire protocol was checked.
*This is not investment advice.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
