Venus Protocol, a well-known cryptocurrency lending service, has temporarily halted its operations following a large-scale phishing attack that targeted one of the platform’s largest traders. The incident occurred on September 2, when a user signed a malicious smart contract through the updateDelegate() function, allowing the attacker to gain access to their wallet and withdraw $13.5 million.
This is reported by Finway
Response from the Venus Protocol Team and Incident Details
The attack was first reported by analysts at PeckShield, who noted that the initial estimated potential losses were $27 million, but this was later adjusted to $13.5 million. In response to the situation, the Venus Protocol team decided to temporarily suspend platform operations to prevent further fund withdrawals and to provide an opportunity to recover the lost assets for the affected user.
The organization emphasized that the platform itself was not hacked, and the incident is a private case affecting only one user. Representatives from Venus Protocol remain in contact with the victim and are actively working to recover the stolen funds. No new details regarding the investigation have been released yet.
“Venus was not hacked, but we are committed to protecting our users. If we resume operations now, the hacker will access the user’s funds,” the team stated.
Features of Venus Protocol and Market Reaction
Venus Protocol is a lending platform based on smart contracts that allows users to borrow and lend without intermediaries. The service also enables the issuance of its own stablecoin, VAI, backed by excess assets, and the ecosystem is governed through the XVS token.
Following the news of the incident, the XVS token saw a significant drop in price: its value fell from $6.3 to $5.6, although it later partially recovered its positions.
Venus Protocol has previously shown vulnerability to attacks on individual users. A similar situation recently occurred with the decentralized exchange Bunni, which lost $2.4 million as a result of a hack.