- Topic
6k Popularity
51k Popularity
42k Popularity
45k Popularity
5k Popularity
- Pin
- 🚗 #GateSquareCommunityChallenge# Round 1 — Who Will Be The First To The Moon?
Brain challenge, guess and win rewards!
5 lucky users with the correct answers will share $50 GT! 💰
Join:
1️⃣ Follow Gate_Square
2️⃣ Like this post
3️⃣ Drop your answer in the comments
📅 Ends at 16:00, Sep 17 (UTC) - The Gate to Web3’s future opened in Tokyo during WebX Asia ✨
VIP vibes, exclusively with Dr. Han.
#WebX2025# #Gate# - Gate Launches GUSD!
Mint, trade, and stake GUSD — backed by U.S. Treasuries & real-world assets, offering low-risk, stable-yield opportunities. First Launchpool goes live Aug 29, 2025, with up to 365% APR.
Venus Protocol suffers a loss of $27 million due to phishing scams! The platform's emergency suspension caused XVS to fall over 8%.
The decentralized lending protocol Venus Protocol (XVS) experienced a major security incident on September 2, when a user lost nearly $27 million due to a phishing attack, prompting the platform to urgently suspend operations. As a result, the price of XVS fell to $6.09 on September 3, with a single-day decline of 8.47%, triggering market panic.
Event Overview: Large Amount of Funds Stolen
(Source: Cyvers Alert)
The blockchain security company Cyvers was the first to disclose this incident, stating that the attackers stole various assets from the victim's wallet, including:
1, 19.8 million US dollars of vUSDT
Approximately 7.15 million USD of vUSDC
About 146,000 USD of vXRP
About 22,000 USD of vETH
5, 285 BTCB (worth millions of dollars)
Cyvers supplement, the stolen funds are currently still held in the attacker’s contract and have not been exchanged or transferred.
Venus team response and platform suspension
Venus officially confirmed the incident in a statement and stated that it has initiated security protocols to protect platform funds and user assets. The team is coordinating an investigation with security experts and major token holders while suspending some platform functions to prevent further losses.
Attack Methods: Phishing and Malicious Authorization
Although the incident initially raised concerns about protocol-level vulnerabilities, several security experts pointed out that the Venus smart contract itself was not breached.
DeFi researcher Ignas cited ChatGPT's analysis stating that the attacker utilized the "infinite authorization" already granted in the victim's wallet to directly transfer assets.
SlowMist founder Yu Xian further explained that the victims may have been induced to sign a malicious approval transaction, thereby granting the attackers full control. He also warned that the possibility of the Venus frontend being hijacked or the victims' computers being subjected to "poisoning attacks" cannot be ruled out.
Hacker Action Characteristics and Fund Flow
According to Yu Xian, the hacker's operation is meticulously planned, with a complex source of funding, and even uses gas fees paid through Monero (XMR) exchanges to conceal their tracks.
Currently, Venus is collaborating with affected large holders to trace the flow of funds and attempting to freeze the related assets. Although the initial estimated loss is close to 27 million USD, the actual loss may be less than 20 million USD.
Conclusion
The Venus Protocol phishing incident has once again sounded the alarm for the DeFi space—despite the protocol itself being secure, the protection of users' wallet authorizations and private keys remains the most vulnerable link. Investors should treat any authorization requests with caution and regularly check wallet permissions to prevent similar attacks. As the platform's investigation and security reinforcement progress, the market will closely monitor whether XVS can stabilize and stop its fall in the short term.