On September 2, 2025, Venus Protocol faced a serious phishing incident that drained about $13 million from one user. The attack forced Venus to halt core actions across its platform while security teams worked on recovery.
As reported by Venus Protocol on X, the hack began when the victim unknowingly approved a phishing request. This gave the attacker control over their wallet without needing access to private keys; the hacker could redeem and borrow assets directly.
The attacker kicked things off by taking out a flash loan of 285.72 BTCB to settle the victim’s debt of 306.89 BTCB. Once that was out of the way, they exploited a phishing approval to siphon the victim’s deposits into their own wallet. The haul included $19.8 million in USDT, 3,744 wBETH, 311,571 FDUSD, and over 15,000 USDC.
The attacker wasn’t finished yet. This person decided to borrow another $7.14 million in USDC, putting the victim’s BNB up as collateral. However, BNB being the fact can not be transferred like regular tokens created a mess.
The wallet became unstable and risky leading to a partial liquidation of around $2.66 million. Consequently, the victim was left with a hefty debt and with fewer assets to cover it.
Rapid Pause and Security Checks
Venus went further to explain that Security firms Hexagate, Hypernative, and Peckshield alerted Venus about the suspicious activity. As a result, Venus halted its procedures and stopped important activities. As a result, the attacker was unable to transfer the stolen assets any farther.
In order to coordinate answers, the protocol then created a Telegram group with Peckshield, Venus, and the victim. Venus also began an exhaustive review of its frontend to confirm that no official dApp was compromised.
Recovery and Restoration Steps
Moreover, Venus quickly built a custom liquidator contract recovery tool to get back the stolen assets. This tool grabbed the stolen tokens, paid off the attacker’s debt, and moved everything safely into a secure wallet.
Venus locked down all of the collateral and completely liquidated the attacker’s wallet using borrowed money. The team was able to retrieve the stolen funds and return the platform to normal functioning in under 13 hours.
This recovery stresses fast response and a coordinated defense in DeFi. It also shows phishing as one of the biggest threats, rather than an issue with the protocol itself.
Also Read: Etherscan Launches Seiscan Explorer on Sei Network
