Overview

• Venus halted the platform as an emergency measure and is coordinating with the victim and security teams including Binance Security, PeckShield, Cyvers, HexaGate, ChaosLabs, and ZeroShadow.
• Security firms revised the initial near-$27 million figure to about $13.5 million after accounting for the wallet’s debt position.
• The attacker drained vUSDT, vUSDC, vXRP, vETH, and BTCB after the victim approved a malicious transaction granting transfer permissions.
• Cyvers reports the stolen tokens remain in attacker-controlled contracts and have not been swapped, with recovery efforts ongoing.
• Preliminary indicators raised by ZeroShadow and SlowMist suggest possible DPRK links, though attribution remains unconfirmed, and XVS fell roughly 6% to 9% following the incident.