Venus Protocol, a popular decentralized finance platform, made headlines on Sept. 2 when it temporarily suspended its services due to a targeted phishing incident that resulted in a user losing tens of millions of dollars. The pause came after blockchain security firm Cyvers reported a suspicious transaction draining nearly $27 million from a single wallet.
The stolen assets included $19.8 million in vUSDT, $7.15 million in vUSDC, $146,000 in vXRP, $22,000 in vETH, and 285 BTCB. Fortunately, the stolen funds were still held in the attacker’s contract and had not been swapped.
The Venus team promptly launched an investigation into the incident and implemented additional security measures to safeguard its platform. While there were initial concerns of a protocol-level exploit, experts clarified that Venus itself had not been compromised.
DeFi researcher Ignas explained that the attacker had exploited pre-approved authorizations granted by the compromised wallet, rather than exploiting a flaw in the Venus protocol. SlowMist founder Yu Xian further elaborated, stating that the victim had unknowingly signed a malicious approval transaction that granted the attacker unrestricted access to transfer tokens from the wallet.
Xian also noted the possibility of a hijacked frontend being used in the phishing attack and suggested that the victim may have been targeted through a poisoning attack on their computer. The hacker displayed meticulous planning and sophistication, utilizing complex funding sources such as routing gas fees through Monero exchanges.
Although the exact amount of the loss is still being determined, Xian mentioned that it may not have exceeded $20 million. The Venus team is working closely with the victim to address the situation, and further details are expected to be revealed as the investigation progresses.
Overall, this incident serves as a reminder of the importance of maintaining strict security measures in the decentralized finance space to protect users from phishing attacks and other malicious activities. Venus Protocol is taking proactive steps to enhance its security protocols and prevent similar incidents in the future.