A lightning digital heist followed by an equally swift rescue. Venus Protocol, one of the largest decentralized lenders in the crypto ecosystem, has announced the return of over $11.4 million to an investor who fell victim to phishing. A decision hailed by the entire DeFi community, in a context where such attacks are on the rise.
Venus Protocol Recovers Stolen Funds and Reimburses User
On September 2, Kuan Sun, CEO of Eureka Trading and a major user of Venus, had his positions drained after executing a malicious transaction. The trap? A fake Zoom client, granting attacker token permissions. The result: nearly $13 million vanished, spread across USDT, USDC, FDUSD, and other stablecoins.
Unlike a conventional hack, the vulnerability did not come from Venus but from a social engineering attack. Nevertheless, the platform reacted urgently: halting operations 20 minutes after the incident, conducting a rapid security audit, and collaborating with multiple security firms on an investigation. Less than 12 hours later, the protocol had identified the funds and prepared for their return.
A Targeted Attack, an Immediate Response
To recover the funds, Venus implemented an exceptional strategy: a forced liquidation of the attacker’s wallet, approved by governance. This maneuver, combined with assistance from PeckShield, Hexagate, and Hypernative Labs, secured the assets before being returned to their rightful owner.
After conducting diligence checks, we are happy to share that as of Sep-06-2025 01:33:10 PM UTC, we have officially returned @KuanSun1990’s positions worth $11.4M at today’s token prices.
The principal beneficiary himself commended the protocol’s responsiveness:
Pausing the protocol was an extremely difficult decision. But they did it in seconds because protecting the users mattered above all.
A Forced Liquidation Approved by the Community
This positive resolution contrasts with market trends. According to a mid-year report by CertiK, phishing attacks have already resulted in $410 million in losses in 2025, across 132 recorded incidents. This underlines the importance of user security dependent on both protocols and vigilance against manipulation attempts.
The incident also stirred the markets: the Venus token (XVS) initially dropped before recovering pre-attack levels. As of writing, it is trading around $6.26, with a slight 1% increase over 24 hours.
Phishing: a Growing Threat in DeFi
Launched in 2020, Venus Protocol has emerged as a central player in decentralized lending. Initially on BNB Chain, it now operates on Ethereum, Arbitrum, Optimism, opBNB, and zkSync. The protocol enables collateral deposits, borrowing, and minting its stablecoin VAI, under XVS token governance.
By returning all the funds, Venus sends a powerful message: DeFi is not just a minefield of risks but also an ecosystem capable of quick reactions and imposing its own safeguards. A transparency operation that could strengthen user trust at a critical juncture for the industry.
