Venus Protocol returns to full operation after resolving $27M exploit

BNB Chain lending platform Venus Protocol resumed full operations after an exploit on Tuesday forced an emergency vote to suspend withdrawals and liquidations. The platform confirmed later that it had restored services and recovered the $27 million worth of digital assets compromised in the incident.

The disruption began when Venus identified suspicious activity linked to a phishing scam, which was also flagged by several cybersecurity firms. As reported by Cryptopolitan, blockchain analysts had mentioned irregular transactions in the platform’s Core Pool Comptroller contract, which routes user assets vUSDC and vETH.

Venus called for an emergency vote to pause services in order to limit losses and allow security teams to assess whether the exploit compromised Venus’ infrastructure. 

Although users were unable to withdraw or liquidate positions during the hiatus, the protocol partially restored some functionality later the same day for them to repay debt and supply funds, actions that helped them protect their positions until normal operations could resume.

Venus Protocol’s proposed plan for restoration approved

Venus Protocol proposed a plan to its community to determine the immediate steps for handling the crisis. The four-stage plan was outlined as follows: partial restoration within five hours, recovery of stolen funds within seven hours, a full security review within 24 hours, and the eventual resumption of all services once checks were completed.

Voting ended at around 5 PM UTC, with the community voting “100% to proceed,” the protocol announced. “We are so thankful for your support, and will proceed with the execution,” the team wrote on X.

By 9:58 PM UTC, Venus confirmed that the plan had been completed successfully. 

“Venus Protocol has been fully restored, withdrawals and liquidations resumed. The lost funds have been recovered under Venus’ protection,” the platform said.

The exploit stemmed from a phishing incident that tricked a Venus user into approving a malicious transaction, which granted an attacker access to the user’s $27 million worth of digital assets. 

Phishing scams imitate trusted platforms with near-identical websites made to lure users into entering credentials or approving harmful transactions.

According to Cyvers, a blockchain security firm, this particular attack was launched using a domain closely resembling a legitimate site. The small differences are, more often than not unnoticed when victims rush through approvals for token launches or airdrops. Once the user approved the transaction, their wallet was drained.

Venus explained that its quick response prevented the attacker from moving the stolen assets out of their wallet. 

“Fortunately, the suspicious transaction was identified almost immediately, and Venus Protocol was paused. Because of this quick response, the stolen funds remain locked in the attacker’s wallet and this is why Venus is currently paused,” the platform wrote in its emergency update.

Venus to publish full post-mortem after analysis

Venus Protocol said it would publish a full post-mortem of the incident once investigations are complete. The platform also thanked its users for their trust and patience during the suspension of services. 

“Hackers have no place on Venus. Thank you for your patience, understanding, and continued trust as we work tirelessly to protect our users, safeguard our community, and uphold the integrity of the Venus Protocol. The community is the foundation of Venus, and we will always act in your best interest,” the team stated.

Phishing attacks are still atop of the most common threats in decentralized finance, accounting for almost 20% of the $2.17 billion stolen from crypto services in 2025, according to Chainalysis’ mid-year report.

If you're reading this, you’re already ahead. Stay there with our newsletter.