Overview
- Venus halted the platform as an emergency measure and is coordinating with the victim and security teams including Binance Security, PeckShield, Cyvers, HexaGate, ChaosLabs, and ZeroShadow.
- Security firms revised the initial near-$27 million figure to about $13.5 million after accounting for the wallet’s debt position.
- The attacker drained vUSDT, vUSDC, vXRP, vETH, and BTCB after the victim approved a malicious transaction granting transfer permissions.
- Cyvers reports the stolen tokens remain in attacker-controlled contracts and have not been swapped, with recovery efforts ongoing.
- Preliminary indicators raised by ZeroShadow and SlowMist suggest possible DPRK links, though attribution remains unconfirmed, and XVS fell roughly 6% to 9% following the incident.