The decentralized lending protocol Venus Protocol (XVS) experienced a major security incident on September 2, when a user lost nearly $27 million due to a phishing attack, prompting the platform to urgently suspend operations. As a result, the price of XVS fell to $6.09 on September 3, with a single-day decline of 8.47%, triggering market panic.

(Source: Cyvers Alert)
The blockchain security company Cyvers was the first to disclose this incident, stating that the attackers stole various assets from the victim's wallet, including:
1. 19.8 million US dollars of vUSDT
2. Approximately 7.15 million USD of vUSDC
3. About 146,000 USD of vXRP
4. About 22,000 USD of vETH
5. 285 BTCB (worth millions of dollars)
Cyvers added that the stolen funds are currently still held in the attacker's contract and have not been exchanged or transferred.
Venus officially confirmed the incident in a statement and stated that it has initiated security protocols to protect platform funds and user assets. The team is coordinating an investigation with security experts and major token holders while suspending some platform functions to prevent further losses.
Although the incident initially raised concerns about protocol-level vulnerabilities, several security experts pointed out that the Venus smart contract itself was not breached.
DeFi researcher Ignas cited ChatGPT's analysis stating that the attacker utilized the “infinite authorization” already granted in the victim's wallet to directly transfer assets.
SlowMist founder Yu Xian further explained that the victims may have been induced to sign a malicious approval transaction, thereby granting the attackers full control. He also warned that the possibility of the Venus frontend being hijacked or the victims' computers being subjected to “poisoning attacks” cannot be ruled out.
According to Yu Xian, the hacker's operation was meticulously planned, with complex funding sources, and even the gas fees were paid with funds routed through Monero (XMR) exchanges to conceal their tracks.
Currently, Venus is collaborating with affected large holders to trace the flow of funds and attempting to freeze the related assets. Although the initial estimated loss is close to 27 million USD, the actual loss may be less than 20 million USD.
The Venus Protocol phishing incident has once again sounded the alarm for the DeFi space—despite the protocol itself being secure, the protection of users' wallet authorizations and private keys remains the most vulnerable link. Investors should treat any authorization requests with caution and regularly check wallet permissions to prevent similar attacks. As the platform's investigation and security reinforcement progress, the market will closely monitor whether XVS can stabilize and stop its fall in the short term.
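The advice to regularly check wallet permissions can be made concrete. The following is an added example, not code from Venus, Cyvers or SlowMist: it replays ERC-20/BEP-20 `Approval` event logs for one wallet and reports spenders that still hold an effectively unlimited allowance. The addresses and log entries are constructed sample data, and it assumes the logs were already fetched (for example via `eth_getLogs`) with block numbers and log indexes converted to integers.

```python
# Added example: constructed addresses and logs, not data from the incident.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_THRESHOLD = 2**255  # dapps use several "effectively infinite" values

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_approvals(logs, owner):
    """Map (token, spender) -> last non-zero allowance the owner approved."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the topic but has 4 topics
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)  # a later approve() overwrites
    # Event values are an upper bound (transferFrom spends allowance);
    # confirm with allowance(owner, spender) on chain before acting.
    return {k: v for k, v in latest.items() if v > 0}

def unlimited_approvals(logs, owner):
    """Spenders that can still move the owner's whole balance of a token."""
    live = live_approvals(logs, owner)
    return sorted(k for k, v in live.items() if v >= UNLIMITED_THRESHOLD)

def _log(block, idx, token, owner, spender, value):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"blockNumber": block, "logIndex": idx, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

OWNER, OTHER = "0x" + "a1" * 20, "0x" + "d4" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
SPENDER_OK, SPENDER_X = "0x" + "b2" * 20, "0x" + "c3" * 20
SAMPLE_LOGS = [  # deliberately out of order to exercise the sort
    _log(130, 0, TOKEN_A, OWNER, SPENDER_OK, 0),            # revocation
    _log(100, 2, TOKEN_A, OWNER, SPENDER_OK, MAX_UINT256),  # later revoked
    _log(120, 5, TOKEN_B, OWNER, SPENDER_X, MAX_UINT256),   # still live
    _log(140, 1, TOKEN_B, OWNER, SPENDER_OK, 500),          # bounded
    _log(150, 0, TOKEN_A, OTHER, SPENDER_X, MAX_UINT256),   # other wallet
]

if __name__ == "__main__":
    for token, spender in unlimited_approvals(SAMPLE_LOGS, OWNER):
        print(f"unlimited approval: token={token} spender={spender}")
```

Any pair it reports is a candidate for revocation by sending `approve(spender, 0)` from the owning wallet.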