A significant incident has unfolded within the DeFi space, as a user of Venus Protocol suffered a staggering loss of $13 million due to a phishing attack. The immediate aftermath saw the protocol halted, reflecting the seriousness of the security breach.
Venus Protocol, a decentralized finance platform known for lending and stablecoin services, had around $2.7 billion in investor deposits prior to the attack. Those behind the protocol swiftly convened and initiated a proposal to liquidate the funds held by the hacker—in a bid to recover the stolen amount. The plan was executed within hours, and it included measures aimed at protecting other users’ positions on the platform.
The hacker managed to breach the security of a user’s Venus account, utilizing a phishing strategy that involved convincing the victim to unwittingly authorize a malicious transaction. Following the breach, the Venus team acted quickly to pause the protocol, thwarting any attempts by the hacker to launder the stolen funds.
In an emergency meeting, five key wallets voted unanimously to move forward with the liquidation of the hacker’s wallet and to restore the stolen funds to the victim. This action was not only about recovering the funds, but also focused on maintaining the integrity and security of the protocol for all stakeholders. Once the hacker is liquidated, the protocol intends to fully reopen, allowing users the chance to adjust their positions in order to avoid future liquidations.
While the protocol has previously experienced security breaches, the current incident stands out due to the substantial loss involved. Earlier this year, another exploit resulted in nearly $1 million being siphoned off through a so-called “donation attack,” where malicious tokens were sent to a user’s wallet to entice interaction with them, thus exposing the user’s funds.
This latest breach adds to an alarming trend within the cryptocurrency industry, which has witnessed losses from hacks and exploits surpassing $2 billion in 2023 alone—already exceeding the total amount lost in 2024. The most notable incident this year was the $1.4 billion hack of Bybit, marking it as one of the largest heists in crypto history.
The ongoing rise in hacks raises urgent questions about security practices within DeFi communities and how decentralized networks can effectively deal with malicious actors. In light of the recent events, stakeholders are left to contemplate the growing need for enhanced security measures as they engage in the rapidly evolving landscape of decentralized finance.
