Venus Protocol Pauses as vUSDT Holdings May Have Been Drained in $27M Phishing Attack

Venus Protocol phishing attack: a DeFi user lost $27 million after approving a malicious transaction that granted attackers permission to drain vUSDT and vUSDC. Venus paused the protocol for security reviews and says the incident stems from a compromised wallet approval, not a smart-contract flaw.

• Attack overview: A phishing approval allowed attackers to drain approximately $27M in Venus vUSDT and vUSDC.
• Response: Venus Protocol paused the protocol to run security reviews and notified the community on its official channels.
• On-chain data: Compromised wallet held ~ $19.8M vUSDT and $7.15M vUSDC before funds were siphoned.

Venus Protocol paused the platform to conduct security reviews but said the $27 million loss was not linked to a flaw in its contracts.

What happened in the Venus Protocol phishing attack？

Venus Protocol phishing attack occurred when a DeFi user approved a malicious transaction that granted an attacker permission to transfer assets, resulting in roughly $27 million stolen. Venus confirmed the incident appears to be a compromised wallet approval and paused the protocol while security reviews proceed.

,

,

];

var adplace = document.getElementById(“ads-bitget”);

if (adplace) {

var sessperindex = parseInt(sessionStorage.getItem(“adsindexBitget”));

var adsindex = isNaN(sessperindex) ？ Math.floor(Math.random() * adscodesBitget.length) : sessperindex;

adplace.innerHTML = adscodesBitget[adsindex];

sessperindex = adsindex === adscodesBitget.length – 1 ？ 0 : adsindex + 1;

sessionStorage.setItem(“adsindexBitget”, sessperindex);

}

})();

A blockchain security firm, PeckShield, reported that a single user lost approximately $27 million after interacting with a phishing contract. On-chain traces indicate the wallet held roughly $19.8 million in Venus USDT (vUSDT) and $7.15 million in Venus USDC (vUSDC) before funds were moved out following the malicious approval.

The attacker used a phishing flow to trick the user into signing an approval transaction that granted token-transfer rights. Once approval was granted, the attacker executed transfers to external addresses and wrapped assets were moved off-chain. On-chain analytics show the pattern of approval → approvals exploited → asset transfers consistent with phishing drains.

Venus paused borrowing and other protocol functions as a precautionary measure while conducting security reviews. The protocols official statement (posted on its social channels) emphasized that the incident appears related to user error or a compromised wallet, not a smart-contract vulnerability. The pause aims to protect users while auditors examine the situation.

];

var adplace = document.getElementById(“ads-binance”);

if (adplace) {

var sessperindex = parseInt(sessionStorage.getItem(“adsindexBinance”));

var adsindex = isNaN(sessperindex) ？ Math.floor(Math.random() * adscodesBinance.length) : sessperindex;

adplace.innerHTML = adscodesBinance[adsindex];

sessperindex = adsindex === adscodesBinance.length – 1 ？ 0 : adsindex + 1;

sessionStorage.setItem(“adsindexBinance”, sessperindex);