A Venus Protocol user reportedly lost about $27 million in assets in a phishing attack that occurred earlier today, causing the platform to briefly suspend operations. The news was first shared by BWEnews on X, who reported that “Venus got exploited for $30m.”
The funds, which included about $19.8 million in vUSDT and $7.15 million in vUSDC, as well as smaller amounts in vXRP, vETH, and BTCB, were wiped out after a fraudulent transaction approval provided complete access to the user’s wallet.
Venus protocol made a post on X on the incident. “We are aware of the user wallet being drained (smart contract is safe) and are actively investigating. Venus is currently paused following security protocols. We will keep you all updated as soon as we know more.”
Venus Protocol has since suspended operations for security checks, although the team has yet to issue an official statement on the matter.
Other users have expressed their concerns on social media, asking when the protocol’s operations will be restored and how they can access their funds.
According to security organisations PeckShield and Cyvers, the hack was not caused by a weakness in the Venus Protocol’s smart contracts; rather, the loss resulted from a user-side error, specifically, a phishing scam where the affected user approved a fraudulent contract, giving the attacker full token access.
This is not the first time Venus has been scrutinised for security issues. The protocol suffered an oracle manipulation exploit in May 2021, resulting in losses of more than $145 million due to abnormal price swings in its XVS token. At the time, the Venus founder publicly said that the occurrence was the result of market behaviour rather than a protocol breach, and outlined steps to mitigate the damage.
The timing of today’s occurrence aligns with a general increase in phishing and cryptocurrency-related vulnerabilities. According to reports from crypto news sites, crypto hacks increased by 15% in August, and losses totalled $2.47 billion in the first half of 2025, primarily due to phishing schemes and DeFi contract weaknesses.
The incident throws more light on the ongoing risk posed by social engineering, even for highly technical users. In the absence of a formal protocol failure, this phishing loss serves as a reminder to increase wallet security. Hardware wallets, limiting transaction approvals, and avoiding suspicious connections are still essential safety measures in Decentralized Finance.
As Venus conducts its investigation, users and stakeholders are waiting for answers on how the protocol intends to assist affected users and prevent future breaches.
