Crypto Phishing Strikes Venus Protocol User, Funds Recovered

One of the biggest drawbacks of cryptocurrencies is their susceptibility to scams and fraud, and in a recent incident, a BNB whale had $13.5 million drained in a phishing attack—an episode that briefly fuelled fears of a major protocol hack before being confirmed as an isolated case.

Phishing Attack and Venus Protocol’s Response

The victim in this case was a large user of Venus Protocol, a decentralized finance lending platform. The individual’s account was drained of about $13.5 million after they unknowingly signed a malicious transaction. By doing so, they gave the attacker permission to access and transfer their tokens.

In response, Venus temporarily paused its operations and remained in direct contact with the victim while efforts were made to recover the funds. The team emphasized that the protocol itself had not been exploited and explained that the pause was necessary—resuming operations too soon could have allowed the attacker to claim the victim’s assets.

Blockchain security firm PeckShieldAlert reported that the victim approved a malicious transaction granting the attacker’s address (0x7fd8…202a) permission to transfer their tokens. The transaction record for this approval is publicly visible on BNB Chain.

Security Analysis and North Korean Involvement

As more details emerged, Danny Cooper, a community delegate for Venus, told Decrypt that initial findings from the security firm ZeroShadow indicated a recognizable pattern. Their assessment suggested that the methods used in this case strongly resembled those often linked to hackers from the Democratic People’s Republic of Korea.

The findings align with a broader trend, as North Korean cyber groups continue to pose an active threat to the cryptocurrency sector. Binance said it faces a daily flood of fake resumes that appear to come from prospective attackers in North Korea.

 

Containment and Recovery

As soon as the suspicious transfer was identified, Venus Protocol’s security system came into effect. The steps that followed were:

• The platform was paused, which appeared to prevent the attacker from moving Venus-wrapped tokens any further.
• Later that day, Venus confirmed that all operations, including withdrawals and liquidations, had been restored at 9:58 PM UTC.
• Venus also announced that the stolen funds had been recovered. According to blockchain security firm PeckShieldAlert, this was made possible by force-liquidating the exploiter’s position, which returned the assets under Venus’s control.

Wider Impact of Phishing in Crypto

The Venus case highlights a problem that extends far beyond a single incident. Phishing has been one of the most damaging threats across the cryptocurrency industry in 2025. Security company CertiK reported that phishing attacks led to over $410 million in losses across 132 incidents in the first half of 2025. 

Around the same time, Hacken, another blockchain security firm, recorded even higher losses—$600 million—from phishing and social engineering attacks aimed at users.

The recovery of funds in this case was unusual, as many phishing incidents end with permanent losses for victims. Even so, the episode shows how phishing schemes continue to focus on individuals rather than protocols. By creating convincing copies of trusted websites and leading users to approve harmful transactions, attackers can bypass technical safeguards and move assets directly from wallets.