
Phishing Ploys Outpace DeFi Defenses as $27M Vanishes in Hours

Published On: September 2, 2025

Venus Protocol paused its platform on September 3, 2024, after a user reported a $27 million loss due to a phishing attack, according to PeckShield, a blockchain security firm. The incident occurred when the user mistakenly approved a malicious transaction, allowing attackers to drain stablecoins and wrapped assets from their wallet. On-chain data indicates that the compromised wallet contained $19.8 million in Venus USDT (vUSDT) and $7.15 million in Venus USDC (vUSDC), which were siphoned away after the unauthorized approval [1].

Venus Protocol’s official response on X clarified that the incident was not linked to a vulnerability in its smart contracts. The team stated that the loss appeared to stem from a user error and announced a temporary pause of the protocol to conduct further security reviews. “Right now, yes, that appears to be the case,” the team said in a post. “We will keep everyone updated as we investigate.” The response underscored the growing challenges DeFi users face from social engineering and phishing scams, which continue to evolve in sophistication [1].

The Venus Protocol incident is part of a broader surge in crypto-related phishing attacks and exploits at the beginning of September. On the same day, World Liberty Financial (WLFI), a governance token project associated with Donald Trump, suffered a phishing attack where malicious actors exploited a known vulnerability in Ethereum’s EIP-7702 upgrade. According to security firm SlowMist, attackers used the upgrade’s delegation feature to deploy malicious contracts that automatically redirected funds from compromised wallets [2].

The Ethereum upgrade, which was intended to enhance user experience and reduce gas costs, introduced a vulnerability that attackers quickly weaponized. EIP-7702 allows externally owned accounts to temporarily use the execution logic of smart contracts, a feature that hackers are now using to plant malicious delegates. These delegates execute code in the context of the victim’s wallet, giving attackers full control over its assets and balances. The method has been linked to multiple incidents, including a $1.54 million phishing attack in August and a $146,000 MetaMask wallet drain [2].
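An added example, not taken from the cited reports: under EIP-7702 a delegated account's code is the 3-byte indicator `0xef0100` followed by the 20-byte delegate address, so a defender can audit accounts through `eth_getCode` and a wallet can screen an authorization before signing it. The allowlist, function names and addresses below are assumptions for illustration, and the sample values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation indicator prefix
DESIGNATOR_LEN = 23                          # 3-byte prefix + 20-byte delegate address
ZERO_ADDRESS = "0x" + "00" * 20              # authorizing this address clears a delegation
# Assumption: delegate contracts the wallet owner has reviewed (constructed address).
TRUSTED_DELEGATES = {"0x" + "11" * 20}

@dataclass
class Finding:
    account: str
    status: str                  # eoa | contract | delegated-trusted | delegated-unknown
    delegate: Optional[str] = None

def classify_code(account: str, code_hex: str, trusted=TRUSTED_DELEGATES) -> Finding:
    """Classify an account from the hex string returned by eth_getCode."""
    raw = bytes.fromhex(code_hex[2:] if code_hex.startswith("0x") else code_hex)
    if not raw:
        return Finding(account, "eoa")       # plain externally owned account
    if len(raw) == DESIGNATOR_LEN and raw.startswith(DELEGATION_PREFIX):
        delegate = "0x" + raw[3:].hex()
        status = "delegated-trusted" if delegate in trusted else "delegated-unknown"
        return Finding(account, status, delegate)
    return Finding(account, "contract")      # ordinary deployed bytecode

def review_authorization(chain_id: int, delegate: str, wallet_chain_id: int,
                         trusted=TRUSTED_DELEGATES) -> List[str]:
    """Return warnings a wallet could show before signing a 7702 authorization."""
    delegate = delegate.lower()
    if delegate == ZERO_ADDRESS:
        return []                            # request only removes a delegation
    warnings = []
    if chain_id == 0:
        warnings.append("chain_id 0: authorization is not bound to a single chain")
    elif chain_id != wallet_chain_id:
        warnings.append("chain_id does not match the connected network")
    if delegate not in trusted:
        warnings.append("delegate contract is not on the reviewed allowlist")
    return warnings

# Constructed eth_getCode responses, not taken from any real incident.
SAMPLES = {
    "0xaaaa": "0x",                          # no code
    "0xbbbb": "0xef0100" + "11" * 20,        # delegated to the allowlisted contract
    "0xcccc": "0xef0100" + "de" * 20,        # delegated to an unreviewed contract
    "0xdddd": "0x6080604052",                # regular contract bytecode
}
if __name__ == "__main__":
    for acct, code in SAMPLES.items():
        print(classify_code(acct, code))
```

An account reported as `delegated-unknown` should be treated as compromised until the owner signs a new authorization that clears or replaces the delegate.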

According to industry reports, September has already seen a sharp rise in cyberattacks targeting crypto platforms and users. In August, over $163 million was lost across 16 separate attacks, and experts have noted a correlation between rising crypto prices and increased exploit activity. Hank Huang, CEO of research firm Kronos Research, previously explained that higher asset values incentivize hackers to explore new attack vectors, particularly in the fast-moving DeFi space [1]. The recent wave of incidents suggests that while platform-level vulnerabilities are being addressed, user-side risks—particularly from social engineering—remain a major concern.

The phishing attack on Venus Protocol and similar incidents highlight the urgent need for better user education and more robust wallet security mechanisms. PeckShield and SlowMist both emphasize the importance of caution when approving smart contract transactions and the necessity of multi-layered security practices such as hardware wallets and multi-signature setups. As phishing tactics become more sophisticated, including the use of AI-generated content to deceive users, platforms and users alike must remain vigilant.

Sources:

[1] Venus Protocol user suffers $27M loss from phishing attack (https://cointelegraph.com/news/defi-trader-loses-27m-phishing-scam-venus-protocol-pauses?utm_campaign=rss_partner_inbound&utm_medium=rss&utm_source=rss_feed)

[2] Trump’s Crypto Project WLFI Under Attack as Ethereum upgrade backfires with hackers exploiting EIP-7702 vulnerability to steal World Liberty Financial tokens. (https://finance.yahoo.com/news/trump-crypto-project-wlfi-under-081337737.html)


Written by: Editorial team of BIPNs
