The cryptocurrency lending protocol Venus Protocol has temporarily halted its operations following an incident that occurred on September 2, 2025. One of the platform’s key traders fell victim to a phishing attack: the attacker managed to withdraw $13.5 million from his wallet by signing a malicious contract through the updateDelegate() function.
This is reported by Business • Media
Details of the Incident and Venus Protocol’s Response
The attack was first reported by experts from PeckShield, who detected the user signing the malicious contract. Initially, the estimated losses were assessed at $27 million, but this was later adjusted to $13.5 million. Following this, the Venus Protocol team decided to suspend the protocol’s operations to prevent further losses and assist the affected trader.
“Venus has not been hacked, but we are committed to protecting our users. If we resume operations now, the hacker will receive the user’s funds,” the team stated.
Venus Protocol emphasized that the protocol itself was not compromised, and this is a private case. The team is in contact with the affected user and is working on recovering the lost funds. As of the time of writing, there were no new details regarding the investigation into the incident.
Market Impact and Features of Venus Protocol
Venus Protocol is a decentralized lending platform that allows users to borrow funds without intermediaries and utilize smart contracts. The platform also enables the issuance of the VAI stablecoin, which is backed by over-collateralization, and the ecosystem is governed by the XVS token.
Following the news of the attack, the XVS token sharply dropped in price from $6.3 to $5.6, but soon partially regained its positions. The price dynamics can be seen in the chart below:
Earlier, an incident was reported at the decentralized exchange Bunni, which lost $2.4 million due to a hack.