

Venus Protocol has recovered funds lost in a phishing attack after swift intervention involving a governance vote.
Summary
- A Venus Protocol whale wallet was drained in a phishing attack, leading to an estimated $13.5 million loss.
- Venus paused the protocol and used governance powers to liquidate the attacker’s positions.
- The recovery steadied XVS price, but raised questions about decentralization in crisis management.
Venus Protocol, one of the largest lending platforms on BNB Chain, has recovered around $13.5 million lost in a phishing incident. The update was shared by the platform on Sept. 3, confirming the assets had been fully restored.
Whale wallet compromised
On Sept. 2, a high-value Venus user lost control of assets worth around $13.5 million after approving a malicious transaction. Security firms initially estimated losses of up to $27 million, but later revised these figures to account for the user’s debt position.
Among the stolen assets were wrapped Bitcoin (BTCB), vUSDT, vUSDC, vXRP, and vETH. Notably, this was a user-level compromise rather than a breach of Venus’ smart contracts, demonstrating the ongoing risk of social engineering even in DeFi.
Swift response and recovery
In order to prevent the attacker from moving funds or closing positions, Venus instantly paused the protocol. The pause stopped the exploiter’s activity and bought time for an emergency governance vote.
By approving the forced liquidation of the attacker’s holdings, the community was able to secure the stolen assets before they could be mixed or bridged.
By Sept. 3, security firm PeckShield confirmed that the funds had been restored. Transactions on BNB Chain show the recovery in action, with assets returned to protocol reserves. Venus announced full resumption of operations at 9:58 PM UTC after completing security checks.
Market and community reaction
XVS, Venus’s governance token, initially dropped nearly 10% on the news, with a surge in trading volume as users rushed to assess the damage. After the recovery efforts were confirmed, the token stabilized, showing renewed confidence.
The result, which is a rare complete recovery of stolen funds, was made possible by Venus’s emergency tools. However, it has spurred debate about centralization in DeFi because multisig intervention was required to stop the protocol and force liquidations.
Venus said it will release a detailed post-mortem, but emphasized that the protocol itself remained secure.
Phishing attacks have become common in the crypto industry. Unlike protocol exploits, social engineering relies on user error and sidesteps code audits, typically through malicious pop-ups or spoofed websites.
