Venus Protocol phishing attack: a DeFi user lost $27 million after approving a malicious transaction that granted attackers permission to drain vUSDT and vUSDC. Venus paused the protocol for security reviews and says the incident stems from a compromised wallet approval, not a smart-contract flaw.
- Attack overview: A phishing approval allowed attackers to drain approximately $27M in Venus vUSDT and vUSDC.
- Response: Venus Protocol paused the protocol to run security reviews and notified the community on its official channels.
- On-chain data: Compromised wallet held ~$19.8M vUSDT and $7.15M vUSDC before funds were siphoned.
Venus Protocol paused the platform to conduct security reviews but said the $27 million loss was not linked to a flaw in its contracts.
What happened in the Venus Protocol phishing attack?
The Venus Protocol phishing attack occurred when a DeFi user approved a malicious transaction that granted an attacker permission to transfer assets, resulting in roughly $27 million stolen. Venus confirmed that the incident appears to be a compromised wallet approval and paused the protocol while security reviews proceed.
A blockchain security firm, PeckShield, reported that a single user lost approximately $27 million after interacting with a phishing contract. On-chain traces indicate the wallet held roughly $19.8 million in Venus USDT (vUSDT) and $7.15 million in Venus USDC (vUSDC) before funds were moved out following the malicious approval.

Source: PeckShield
How did the attacker drain $27 million from the wallet?
The attacker used a phishing flow to trick the user into signing an approval transaction that granted token-transfer rights. Once approval was granted, the attacker executed transfers to external addresses and wrapped assets were moved off-chain. On-chain analytics show a sequence of approval, exploitation of that approval, and asset transfers, which is consistent with phishing drains.
Why did Venus pause the protocol?
Venus paused borrowing and other protocol functions as a precautionary measure while conducting security reviews. The protocol’s official statement (posted on its social channels) emphasized that the incident appears related to user error or a compromised wallet, not a smart-contract vulnerability. The pause aims to protect users while auditors examine the situation.
Frequently Asked Questions
Was the Venus Protocol smart contract exploited?
Venus Protocol has reported that current evidence points to a compromised wallet approval rather than a smart-contract exploit. The protocol is paused to allow security teams to verify on-chain activity and confirm contract integrity.
How can DeFi users prevent similar phishing attacks?
Users should revoke unknown approvals, use hardware wallets or multisig accounts, verify contract addresses via official plain-text channels, and limit token approvals to minimal amounts to reduce risk.
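The approval checks recommended above can be run on a transaction's calldata before it is signed. The following is an added example, not code from Venus, PeckShield or this article; it assumes the standard ERC-20 approve/increaseAllowance and ERC-721/1155 setApprovalForAll calldata layouts (the article does not say which call the victim signed), and the sample addresses, the build helper and the function names are constructed for illustration.

```python
MAX_UINT256 = 2**256 - 1
# Well-known 4-byte selectors for calls that grant transfer rights.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
# Constructed sample addresses (not taken from the incident).
TRUSTED = "0x" + "11" * 20
UNKNOWN = "0x" + "de" * 20

def build(selector, spender, value):
    """Assemble sample calldata: selector + two 32-byte ABI words."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(value, "064x")

def decode_approval(calldata_hex):
    """Return (signature, spender, value), or None if not an approval-type call."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    sig = SELECTORS.get(data[:8])
    if sig is None:
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("truncated calldata for " + sig)
    spender = "0x" + args[24:64]    # address is the low 20 bytes of word 0
    value = int(args[64:128], 16)   # amount, or 0/1 for the bool
    return sig, spender, value

def review(calldata_hex, trusted_spenders, needed_amount=0):
    """List reasons to refuse signing; an empty list means nothing was flagged."""
    decoded = decode_approval(calldata_hex)
    if decoded is None:
        return []
    sig, spender, value = decoded
    if value == 0:                  # zero amount / false revokes, grants nothing
        return []
    findings = []
    if spender not in {s.lower() for s in trusted_spenders}:
        findings.append(f"{sig}: spender {spender} is not on the allowlist")
    if sig.startswith("setApprovalForAll"):
        findings.append("operator approval covers every token in the collection")
    elif value == MAX_UINT256:
        findings.append("unlimited allowance requested")
    elif value > needed_amount:
        findings.append(f"allowance {value} exceeds the {needed_amount} needed")
    return findings

if __name__ == "__main__":
    print(review(build("095ea7b3", UNKNOWN, MAX_UINT256), [TRUSTED]))
```
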
Key Takeaways
- Incident summary: A phishing approval led to a $27M drain from a Venus Protocol user wallet.
- Protocol action: Venus paused the protocol for security reviews while stating contracts appear unaffected.
- User action: Revoke approvals, move funds to secure wallets, and adopt hardware or multisig protections immediately.
Conclusion
The Venus Protocol phishing attack underscores the persistent risk of approval-based scams in DeFi. Security firm PeckShield documented the drain of about $27M in vUSDT and vUSDC, and Venus paused the protocol while conducting reviews. Users should follow immediate mitigation steps and adopt stronger wallet protections to reduce future risk. COINOTAG will update this report as official findings are published.
Published: 2025-09-02 | Updated: 2025-09-02 | Author: COINOTAG