The Venus protocol temporarily suspended its platform on September 2 after a user lost dozens of millions of dollars in an objective phishing incident.
The Pause followed the reports of the Blockchain Cyvers security firm, which marked a suspicious transaction that exhausted almost $ 27 million of a single wallet.
According to reports, stolen assets included $ 19.8 million in Vusdt, $ 7.15 million in VUSDC, $ 146,000 in VXRP, $ 22,000 in VETH and 285 BTCB.
Cyvers Added:
“The stolen funds are currently maintained in the attacker’s contract and remain without expelling.”
In his statement, the Venus team confirmed that he was investigating the incident and was applying the necessary security protocols to protect his platform.
How are you phishes
While the loss scale initially increased the fears of a feat at the protocol level, experts emphasized that Venus had not committed.
The Defi researcher, Ignas, citing Chatgpt responses, said the defi protocol operated optimally and explained that the attacker had exploited the previously approved authorizations granted by the committed wallet.
Meanwhile, the founder of Slowmist, Yu Xian, expanded on this, stating that the victim had been deceived to sign a malicious approval transaction. This action gave the attacker unlimited permits to transfer tokens directly from the wallet.
He added that while Venus intelligent contracts are not affected, the possibility of a kidnapped interface cannot be dismissed.
Xian also suggested that the victim could have been attacked through an poisoning attack designed to compromise his computer.
According to him, the hacker demonstrated planning and sophistication, using complex financing sources, including gas rates enrupted through monero exchanges.
Added:
“The big holder and we are coordinating, many details will not be expanded for now, and the real loss is not precise, it is possible that it has not exceeded $ 20 million.”
