Overview

• Venus said its smart contracts were not exploited, with the loss traced to a user who approved a malicious token transfer.
• Following the pause, a community and multisig intervention forced liquidations that recovered roughly $13.5 million to protocol reserves.
• Security partners including PeckShield, Cyvers, SlowMist, ZeroShadow and Binance Security assisted, and initial loss estimates near $27 million were revised after factoring in the wallet’s debt.
• Preliminary analysis points to possible DPRK-linked actors, though investigators cautioned that attribution remains unconfirmed.
• Withdrawals and liquidations resumed at 9:58 p.m. UTC on Sept. 2 after checks, a post-mortem is forthcoming, and XVS stabilized after an initial sell-off.