Venus Protocol Hit by Phishing Attack Resulting in $13.5 Million Loss

Venus Protocol, a decentralized finance (DeFi) platform, suffered a significant security breach due to phishing. The attack led to the unauthorized movement of assets worth around $13.5 million, prompting an immediate response from the protocol's developers.

The incident began when a victim's wallet was compromised through social engineering, reportedly via a fake Zoom client. Malicious approvals enabled asset movement without exploiting any contract-level vulnerabilities.

In response to the attack, Venus Protocol was paused within 20 minutes to prevent further damage and limit contagion across markets. A 'lightning vote' was then conducted among the community to authorize the forced liquidation of the attacker's positions, which successfully returned funds to the victim.