DeFi Wins First Battle as Community Halts $13.5M Phishing Heist

Generated by AI Agent Coin World
Thursday, Sep 4, 2025 9:11 am ET
Aime Summary

- Venus Protocol recovers $13.5M stolen in phishing attack by North Korea-linked Lazarus Group.

- Attack used malicious Zoom client to steal delegated account control, draining stablecoins and wrapped assets.

- Security partners Hexagate/Hypernative detected anomalies, triggering protocol pause and community-led wallet liquidation.

- First DeFi precedent for community governance to recover stolen funds without risking other user assets.

- Highlights rising crypto threats: $2B+ in hacks this year, with DeFi platforms adopting collaborative security strategies.

Venus Protocol, a decentralized finance (DeFi) lending and stablecoin platform, has successfully recovered $13.5 million in cryptocurrency from a phishing attack that targeted one of its users. The incident, which occurred on Tuesday, was attributed to the North Korea-linked Lazarus Group, a hacking collective responsible for some of the largest cyberattacks in the cryptocurrency industry, including the $600 million Ronin bridge exploit and the $1.5 billion Bybit hack [1].

The attack involved a malicious Zoom client that deceived the victim into granting delegated control over their account. This allowed the attackers to initiate transactions that drained millions in stablecoins and wrapped assets from the user’s wallet. However, Venus Protocol's security partners, Hexagate and Hypernative, flagged the suspicious activity within minutes, prompting the protocol to be paused as a precautionary measure. This pause halted further fund movement, enabling the platform to investigate and identify the source of the breach [1].

An emergency governance vote was quickly initiated by Venus Protocol's community, leading to a unanimous decision to liquidate the attacker’s wallet. The protocol executed this action in under 12 hours, seizing the stolen tokens and redirecting them to a recovery address. This marked the first successful recovery of stolen funds by the community through a governance vote, setting a precedent for how DeFi platforms can respond to malicious exploits without compromising the safety of other user positions [3].

Kuan Sun, the victim of the attack, expressed gratitude toward Venus Protocol and its partners, stating, “What could have been a total disaster turned into a battle we actually won, thanks to an incredible group of teams” [1]. PeckShield, , and SlowMist further assisted in the recovery process, with SlowMist identifying the Lazarus Group as the likely perpetrators based on their extensive analysis. The attack aligns with previous patterns attributed to the group, particularly in targeting high-value accounts through phishing schemes [1].

Phishing attacks remain a significant threat in the DeFi ecosystem, often exploiting human trust and urgency to execute malicious transactions. In this case, the attacker exploited the victim's account through a deceptive social engineering tactic that mimicked a legitimate service. Venus Protocol’s swift response, supported by its security partners, demonstrated how proactive measures and community governance can mitigate the impact of such attacks [2].

The successful recovery has also underscored the broader trend of rising cyber threats in the crypto industry. Losses from hacks and exploits have exceeded $2 billion this year, nearly doubling from the same period in 2024. The $1.4 billion Bybit hack in March remains the largest single incident, but the Venus Protocol case highlights how decentralized platforms are increasingly adopting collaborative strategies to address security breaches [3].

Source:

[1] Venus Protocol Recovers $13.5M in Phishing Attack (https://cointelegraph.com/news/venus-protocol-recovers-13-5m-stolen-phishing-attack)

[2] Whale Drained of $13.5M in DPRK-Linked Phishing Attack (https://finance.yahoo.com/news/bnb-whale-drained-27m-dprk-131603827.html)

[3] Venus Protocol votes to liquidate attacker who stole $13m (https://www.dlnews.com/articles/defi/venus-protocol-votes-to-liquidate-attacker-behind-13m-hack/)