Venus Protocol Recovers $11.4M From Phishing Attack in 12 Hours

- Venus recovered $11.4 million within 12 hours after a phishing attack. - An attacker used a fake Zoom client to steal the funds on September 2. On September 8, 2025, The Block reported that Venus Protocol returned $11.4 million to phishing victim Kuan Sun, just six days after an exploit drained his crypto holdings. The phishing attack occurred on September 2, when Kuan Sun inadvertently approved a malicious transaction through a fraudulent Zoom application. As a result, an attacker stole approximately $13 million in stablecoins, including Tether (USDT) and USD Coin (USDC). In response, Venus Protocol, a DeFi lending platform, took swift action by immediately pausing operations to investigate the breach. Venus collaborated with on-chain security firms, including PeckShield, Hexagate, and Hypernative Labs, to conduct an intensive security audit. The investigation confirmed that the hack did not compromise the platform itself, which reassured its users. Venus then enforced a community-approved forced liquidation of the attacker's wallet, recovering $11.4 million within 12 hours. The victim praised Venus Protocol for prioritizing asset recovery and user protection over operational risks, and the broader crypto community also gave the platform positive feedback for its decisive response. This incident, however, highlights a growing vulnerability to phishing scams. In the first half of 2025, blockchain security firm CertiK documented $410 million in losses from similar exploits. Security analysts have linked some attacks, including this one, to the infamous Lazarus Group, a hacking collective reportedly backed by North Korea. Although the market initially responded with price volatility for XVS, Venus Protocol’s governance token, it quickly rebounded to pre-exploit levels. This recovery demonstrated the platform's ability to handle crises effectively through governance and collaboration. The event also reignited debate within the DeFi community over the balance between decentralization and centralized intervention during emergencies. The Venus Protocol incident highlights the growing importance of robust security measures and rapid response strategies in the DeFi space, as phishing exploits and attacks continue to evolve. The platform’s swift recovery sets a benchmark for addressing crypto theft while maintaining community trust.