Venus Protocol Security Strength: How $13M in Drained User Funds Was Recovered in Hours

Reliable lending protocols are the backbone of DeFi. Many users rely on them to deposit significant amounts of capital, enabling borrowing, lending, and participation in a variety of decentralized finance strategies. Venus Protocol, one of the leading multichain lending platforms with more than $2.6 billion in TVL, recently demonstrated both its resilience and strong onchain security framework.

On September 2, 2025, a Venus user became the target of a phishing attack that drained approximately $13M in funds. The suspicious activity immediately triggered a security alert, prompting the protocol to pause operations as a precaution. Within just 13 hours, the stolen assets were successfully recovered, and Venus Protocol returned to full functionality without further disruption.

Timeline: From Detection to Recovery

The victim reported that attackers used a malicious Zoom client to gain control of their machine. Using this access, they tricked the user into approving them as a valid Venus delegate, allowing the attacker to borrow and redeem on the user’s behalf and drain approximately $13M across multiple assets, including USDT, wBETH, FDUSD, USDC, and BTCB

Venus responded swiftly—pausing the protocol shortly after detecting the suspicious transaction, ensuring the attacker could not access or transfer the stolen assets. Following security advice, the Venus team also paused the EXIT_MARKET action across all markets, preventing the attacker from disabling some of the stolen assets that were acting as collateral. Coordinating with security partners and deploying a custom liquidator, the team successfully recovered all stolen funds, restoring the protocol to full operation safely and securely.

Key Details

• Funds Drained: 19.826M USDT, 3,744 wBETH, 311,571 FDUSD, ~15,000 USDC, and a small amount of ETH
• Victim wallet address: 0x563617b87d8bb3f2f14bb5a581f2e19f80b52008
• Attacker wallet address: 0x7fd8f825e905c771285f510d8e428a2b69a6202a
• Receiver wallet address (recovered funds and debt from attacker): 0xC753FB97Ed8E1c6081699570b57115D28F2232FA
• Custom Liquidator: 0xe011d57ecf48c448a7601eae30e6bf2d22886c50
• Type of Attack: Phishing via malicious Zoom client granting delegated access
• Full key event details:

Venus Protocol: SAFU, Backed by Strong Security

Venus is a leading protocol launched in 2020, allowing users to borrow and lend in a safe, decentralized environment. With over $2.6 billion in TVL across 8 chains, Venus stands out for its strong approach to user security. Currently, it ranks among the top ten most secure lending and borrowing projects according to CertiK and has undergone multiple audits by leading security firms, including PeckShield, Quantstamp, Code4rena, and others. To stay informed about Venus and learn more about the protocol, follow the official links: