The decentralized lending platform Venus Protocol became the target of a sophisticated hack on September 2, 2025. Despite the attack, the team managed to stabilize the situation within hours and successfully recover the stolen funds — a rare achievement in the DeFi space.
How the Attack Happened
The incident started with the compromise of a user’s wallet. Investigations revealed that a modified version of the Zoom client had been installed on the victim’s computer, containing malicious software. This allowed attackers to gain authorization and trick the user into approving transactions, effectively making them the authorized representative of the account on Venus Protocol.
From there, they executed a series of loans and withdrawals in the victim’s name. Initially, damages were reported as $27 million (according to PeckShield), but after factoring in the user’s debt position, the actual loss was reduced to $13.5 million.
Venus’ Rapid Response
Security firms Hexagate and Hypernative detected the suspicious activity, and within just 20 minutes the entire protocol was paused. The crisis response then unfolded as follows:
Within 5 hours partial activity was restoredIn the 7th hour the attacker’s wallet was forcibly liquidatedAfter 13 hours the stolen funds were recoveredWithin 24 hours a full security review was completed
The platform emphasized that no users were liquidated within the BNB Core Pool and that the protocol itself remained technically secure.
Official Statement
Venus Protocol representatives stated:
“The security of our users’ funds is our top priority. This attack was not caused by any vulnerability in our protocol, but by malware on a user’s device. Thanks to our swift actions, we recovered the funds and confirmed the safety of the entire platform.”
Why It Matters
This case highlights that even during sophisticated social engineering attacks, the speed of developer and security team responses can make all the difference. It also serves as a reminder that the biggest weakness in DeFi is often not the protocols themselves, but users and their devices.
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
Venus Protocol Faced a Hack but Managed to Recover Stolen Funds
The decentralized lending platform Venus Protocol became the target of a sophisticated hack on September 2, 2025. Despite the attack, the team managed to stabilize the situation within hours and successfully recover the stolen funds — a rare achievement in the DeFi space.
How the Attack Happened The incident started with the compromise of a user’s wallet. Investigations revealed that a modified version of the Zoom client had been installed on the victim’s computer, containing malicious software. This allowed attackers to gain authorization and trick the user into approving transactions, effectively making them the authorized representative of the account on Venus Protocol. From there, they executed a series of loans and withdrawals in the victim’s name. Initially, damages were reported as $27 million (according to PeckShield), but after factoring in the user’s debt position, the actual loss was reduced to $13.5 million.
Venus’ Rapid Response Security firms Hexagate and Hypernative detected the suspicious activity, and within just 20 minutes the entire protocol was paused. The crisis response then unfolded as follows: Within 5 hours partial activity was restoredIn the 7th hour the attacker’s wallet was forcibly liquidatedAfter 13 hours the stolen funds were recoveredWithin 24 hours a full security review was completed The platform emphasized that no users were liquidated within the BNB Core Pool and that the protocol itself remained technically secure.
Official Statement Venus Protocol representatives stated: “The security of our users’ funds is our top priority. This attack was not caused by any vulnerability in our protocol, but by malware on a user’s device. Thanks to our swift actions, we recovered the funds and confirmed the safety of the entire platform.”
Why It Matters This case highlights that even during sophisticated social engineering attacks, the speed of developer and security team responses can make all the difference. It also serves as a reminder that the biggest weakness in DeFi is often not the protocols themselves, but users and their devices.
#VenusProtocol , #defi , #CryptoSecurity , #phishing , #CyberSecurity
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies! Notice: ,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“