BNB Chain-based lending platform Venus Protocol has fully resumed services after a dramatic pause triggered by a phishing attack that cost one of its users nearly $27 million.
The protocol announced late Tuesday on X that withdrawals and liquidations were live again from 9:58 PM UTC, with the compromised funds placed under Venus’ protection.
The trouble started when a major Venus Protocol wallet, listed on-chain as ‘0x56…2008,’ was compromised. On-chain activity shows the wallet owner accidentally approved a malicious transaction, which handed the attacker control of assets worth tens of millions of dollars.
Security firm PeckShield was quick to flag the case, making it clear that Venus itself wasn’t exploited; the loss came from a phishing scam that targeted the individual user.
Venus moved quickly to contain the fallout. Operations were frozen to stop the attacker from exploiting the situation further. In a public statement, the team explained that resuming services immediately would have allowed the hacker to walk away with the stolen funds, something they were determined to prevent.
Community Backs Emergency Plan
With pressure mounting, the Venus team had turned to its community for direction through what it described as a “lightning vote.” The proposal outlined three key steps: partial reopening to let users repay debt and supply collateral, recovery of the stolen funds, and a complete security review before full resumption.
In response, every vote supported the plan, giving the team the mandate to move forward. Soon after, Venus partially reopened, allowing users to adjust positions and avoid liquidation risks. But users still couldn’t withdraw their assets until the stolen funds were safely recovered.
Once recovery was confirmed, the protocol proceeded to restore full functionality. By late Tuesday night, all services were back online. The Venus team also said a detailed security review had been completed to prevent similar incidents in the future.
A Reminder for DeFi Users
The case highlighted one of the most persistent risks in decentralized finance: phishing. Even though Venus’ smart contracts were never breached, one malicious approval was enough to trigger a crisis that forced a multi-million-dollar freeze.
Also Read: Bunni DEX Exploiter Drains $2.3M From Ethereum Pools
