Particle.news

Download on the App Store

Venus Protocol Pauses After Phishing Drains Whale Wallet, Loss Now Estimated at $13.5 Million

Investigators say the loss stemmed from a malicious token approval rather than a protocol flaw.

Overview

  • Venus halted the platform as an emergency measure and is coordinating with the victim and security teams including Binance Security, PeckShield, Cyvers, HexaGate, ChaosLabs, and ZeroShadow.
  • Security firms revised the initial near-$27 million figure to about $13.5 million after accounting for the wallet’s debt position.
  • The attacker drained vUSDT, vUSDC, vXRP, vETH, and BTCB after the victim approved a malicious transaction granting transfer permissions.
  • Cyvers reports the stolen tokens remain in attacker-controlled contracts and have not been swapped, with recovery efforts ongoing.
  • Preliminary indicators raised by ZeroShadow and SlowMist suggest possible DPRK links, though attribution remains unconfirmed, and XVS fell roughly 6% to 9% following the incident.