

One Venus Protocol user apparently suffered a phishing attack, costing the user $13.5 million.
Summary
- Venus Protocol paused its smart contract after one user lost $13.5 million
- According to PeckShield, the user fell victim to a phishing scam
- The protocol stated that it would help the user recover their funds
DeFi platform Venus Protocol has paused its smart contract after a major incident. On Tuesday, Sept. 2, PeckShield reported that one Venus Protocol user lost $27 million in a phishing scam. The security firm later corrected the figure to $13.5 million, after accounting for the wallet’s debt position.
According to PeckShield, the user was tricked into approving a malicious transaction. This granted automatic approval for any transaction the attacker initiated, effectively giving the attacker control over all funds in the wallet.
Venus Protocol pauses smart contract
In response, Venus Protocol paused its smart contract as a precautionary measure, stating that it had started an investigation into the incident. The team later stated that the smart contract would remain paused while it helped the user recover the funds. “If the protocol resumes now, the hacker gets the user’s funds,” the team added.
The team clarified that the losses to the user did not come from a smart contract exploit. Rather, the user was the victim of a targeted phishing attack. The team also reassured users with outstanding debts that liquidations are paused.
Pausing a DeFi smart contract is always a controversial move. Affected users appreciate the effort to punish the hackers and deny them the funds. However, some other users see it as going against the decentralized ethos of the DeFi space and as proof that the project is centralized.
Phishing scams are becoming a major problem for DeFi. Attackers often use fake websites disguised as reputable apps to trick users into signing malicious transactions. Between May 2021 and August 2024, users lost $2.7 billion in similar attacks.
