Venus Protocol Sees Unanimous Vote to Liquidate Hacker Who Stole $13.5M from User

A hacker stole $13.5 million from a Venus Protocol user through a phishing attack. The protocol's stakeholders voted to liquidate the attacker's wallet, recover the stolen funds, and restart the protocol. This move aims to protect investor funds and maintain the protocol's integrity. The incident highlights DeFi communities' efforts to rewrite rules and recover from malicious exploits.

A user of the Venus Protocol has lost $13.5 million to a suspected phishing scam on the BNB Chain. The incident, which occurred on September 2, 2025, highlights the ongoing security challenges faced by decentralized finance (DeFi) platforms [1].

According to PeckShield Security, the victim approved a malicious transaction and granted token approval to the attacker’s address, facilitating the asset transfer. The stolen assets remain in the hacker’s wallet address and have not been converted to other tokens or moved towards cashing out [1].

Venus Protocol has confirmed that the user was attacked, but the protocol's smart contract was not compromised. The protocol has been paused following security protocols, and the community is being kept updated as the investigation progresses [1].

The Venus native governance token XVS sharply fell by over 5% following the news of the attack but has since recovered to $6.01 at press time. The token has lost most of its value since launching around $2.07 in 2020, now down 95.9% after reaching a peak of $147.02 in May 2021 [1].

In response to the attack, Venus Protocol stakeholders voted to liquidate the attacker's wallet, recover the stolen funds, and restart the protocol. This move aims to protect investor funds and maintain the protocol's integrity. The incident underscores DeFi communities' efforts to rewrite rules and recover from malicious exploits [2].

The Venus Protocol incident marks the first major attack on the BNB Chain in some time, aside from the liquidity manipulation that occurred in March with Four.Meme, a popular meme token launch platform on Binance’s BNB Chain. The BNB Chain’s security streak has been broken, and the protocol's stakeholders are taking proactive measures to address the issue [1].

The Venus Protocol incident is part of a broader trend in the DeFi sector, where security vulnerabilities have surged in 2025. According to a recent article, DeFi security breaches surged in 2025, with $163 million stolen in August alone via 16 exploits, marking 80% of total crypto losses [2]. Smart contract flaws and cross-chain attacks dominated risks, including the $40 million GMX re-entrancy and $48 million BtcTurk multi-chain breaches [2].

Investors must prioritize audited protocols, multi-chain diversification, and user education to mitigate phishing and technical vulnerabilities. Proactive security measures like formal verification reduced hack rates by 30%, emphasizing operational risk as critical to DeFi investment success [2].

References:
[1] https://cryptonews.com/news/venus-protocol-user-loses-13-5m-to-a-suspected-phishing-scam-on-bnb-chain/
[2] https://www.ainvest.com/news/defi-security-vulnerabilities-implications-dex-investment-strategy-2509/