TL;DR
- Phishing Recovery: Venus Protocol returned $11.4M in stolen crypto to a user targeted through a fake Zoom client, a rare success in phishing fund recovery.
- Swift Protocol Action: The team paused operations within 20 minutes and recovered the funds in under 12 hours, aided by top security firms.
- DeFi Vulnerability: Phishing scams caused $410M in losses across 132 cases in the first half of 2025, highlighting sector-wide risks.
Venus Protocol has returned $11.4 million in crypto assets to a user who fell victim to a phishing attack involving a fake Zoom client. The incident, which took place on September 2, involved Kuan Sun, the CEO of Eureka Trading and a well-known user of the decentralized lending platform. Sun unknowingly signed a malicious transaction that granted token approvals to an attacker, resulting in the theft of multiple stablecoins, including USDT, USDC, and FDUSD.
Although the platform itself was not compromised, Venus Protocol paused operations within 20 minutes and launched an aggressive recovery effort that has since been praised across the crypto community.
After conducting diligence checks, we are happy to share that as of Sep-06-2025 01:33:10 PM UTC, we have officially returned @KuanSun1990's positions worth $11.4M at today’s token prices.
Transaction tx linked below.
— Venus Protocol (@VenusProtocol) September 8, 2025
Rapid Response and Recovery
Venus Protocol’s post-incident analysis revealed that it took less than 12 hours to identify the issue, confirm platform integrity, and recover the stolen funds. The team initiated a rapid security audit and executed a community-approved forced liquidation of the attacker’s wallet.
This decisive action enabled the protocol to return Sun’s positions, valued at $11.4 million at current token prices. Venus acknowledged the on-chain security companies PeckShield, Hexagate, and Hypernative Labs for their crucial help in the recovery process.
Community Support and Praise
The crypto community reacted favorably to how Venus Protocol managed the situation. On the social media platform X, Sun expressed deep gratitude for the team’s quick decision-making, stating, “Pausing the protocol was one of the hardest calls imaginable… But they made that call in seconds, because protecting users came first.” The incident highlighted the importance of prioritizing user safety, even at the risk of criticism and operational disruption.
Phishing Scams on the Rise
The attack underscores a growing trend in phishing scams targeting DeFi users. According to blockchain security firm CertiK, phishing incidents accounted for $410 million in losses across 132 cases in the first half of 2025. Venus Protocol’s proactive measures stand in contrast to the broader vulnerability seen across the sector, offering a rare example of successful fund recovery in a phishing scenario.
Venus Protocol’s Continued Evolution
Launched in 2020, Venus Protocol operates as a decentralized lending market primarily on BNB Chain, with additional deployments on Ethereum, opBNB, Arbitrum, Optimism, and zkSync. It enables users to supply collateral, borrow assets, and mint the VAI stablecoin, governed by the Venus (XVS) token. Despite an initial drop following the incident, XVS has rebounded to its pre-event price of $6.30, up 1.6% in the past day.