Venus Protocol pauses after $13.5m phishing attack hits major wallet

Bitget App

Trade smarter

Bitget

News

Crypto.News2025/09/01 16:00

By:By David MarsanicEdited by Jayson Derrick

One Venus Protocol user apparently suffered a phishing attack, costing the user $13.5 million.

Summary

Venus Protocol paused its smart contract after one user lost $13.5 million
According to PeckShield, the user fell victim to a phishing scam
The protocol stated that they would help the user recover their funds

DeFi platform Venus Protocol has paused its smart contract after a major incident. On Tuesday, Sept. 2, PeckShield reported that one Venus Protocol user lost $27 million in a phishing scam. The security firm later corrected the figure to $13.5 million, after accounting for the wallet’s debt position.

#PeckShieldAlert A user of @VenusProtocol has been drained ~$27M in crypto after falling for a #phishing scam.
The victim approved a malicious transaction, granting token approval to the attacker's address (0x7fd8…202a) for asset transfer. pic.twitter.com/NwkVlDxxOZ
— PeckShieldAlert (@PeckShieldAlert) September 2, 2025

According to PeckShield, the user was tricked into approving a malicious transaction. This granted automatic approval for any transaction the attacker initiated, effectively giving the attacker control over all funds in the wallet.

Venus Protocol pauses smart contract

In response, Venus Protocol paused its smart contract as a precautionary measure, stating that it has started an investigation into the incident. The team later stated that the smart contract would remain paused while it helps the user recover the funds. “If the protocol resumes now, the hacker gets the user’s funds,” the team added.

Update: we are in direct contact with the victim of the phishing attack, and the protocol will remain paused while we try to recover his funds.

Venus was not exploited, but we are committed to protecting our users. If the protocol resumes now, the hacker gets the user's funds. https://t.co/441ncPEbla
— Venus Protocol (@VenusProtocol) September 2, 2025

The team clarified that the losses to the user did not come from a smart contract exploit. Rather, the user was the victim of a targeted phishing attack. The team also reassured users with outstanding debts that liquidations are paused.

Pausing a DeFi smart contract is always a controversial move. Affected users appreciate the effort to punish the hackers and deny them the funds. However, some other users see it as going against the decentralized ethos of the DeFi space and as proof that the project is centralized.

Phishing scams are becoming a major problem for DeFi. Attackers often use fake websites disguised as reputable apps to trick users into signing malicious transactions. Between May 2021 and August 2024, users lost $2.7 billion in similar attacks.

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Earn new token airdrops

Lock your assets and earn 10%+ APR

Lock now!