How The Venus Protocol Whale Lost Over $13 Million

By: BitcoinEthereumNews
2025/09/06 07:20

Earlier this week, crypto whale Kuan Sun used his X account to share a detailed account of being targeted by a sophisticated phishing attack.

This story serves as a stark warning to all investors, as he lost and then recovered $13.5 million. As the digital asset ecosystem expands, so does the risk of hacking. How can investors prevent massive losses?

A Seemingly Harmless Meeting That Became a Nightmare

A phishing attack on Tuesday robbed Kuan Sun, a user of the decentralized lending platform Venus Protocol, of his cryptocurrency. However, thanks to the swift response and cooperation of the Venus Protocol team, he was able to recover the stolen funds.

The elaborate attack began in April 2025 at the Hong Kong Wanxiang Conference. There, a mutual friend introduced Sun to someone who claimed to be a representative for Stack’s Asia Business Development. This kind of networking is common in the crypto space, and they added each other on Telegram.

On August 29, the so-called “BD” requested a simple Zoom meeting. Sun joined late and noticed that there was no sound in the room.

A pop-up message on his webpage read, “Your microphone needs an update.” Confused, Sun clicked the upgrade button—a fatal mistake that set the trap.

Sun later realized the hackers were not acting on the fly. He said the highly customized attack had been in motion since Monday, targeting him specifically.

X Post From the Victim

After the “update,” he started seeing strange messages on his computer. The Chrome browser would close abnormally, and a “Restore tabs?” message would pop up.

Suspecting nothing, Sun continued his routine and accessed Venus Protocol through his browser. There, he proceeded to perform a withdrawal, a task he had done countless times before.

Shortly after, his computer slowed down, his Google account was logged out of Chrome, and strange, unfamiliar transactions appeared in his wallet. He immediately knew something was terribly wrong.

The analysis suggests that the hackers replaced his frequently used Rabby wallet extension with a malicious program. This tactic is often used by Lazarus, the notorious North Korean hacking group.

After gaining wallet approval authority, they quickly transferred various tokens, including vUSDC, vETH, vWBETH, and vBNB.

A Swift Recovery and Key Lessons

Sun acted quickly by contacting blockchain security firms PeckShield and SlowMist for guidance. He also reached out to the Venus Protocol team for help.

As a result, Venus Protocol immediately paused the platform as a preventive measure and began an investigation.

They then initiated an emergency governance vote to force-liquidate the attacker’s wallet, allowing Sun to successfully recover his $13.5 million.

On Thursday, Sun shared his story and his key takeaways. He warned that North Korean hackers are increasingly using a combination of social engineering, deepfakes, and Trojans.

As a result, what appears to be a legitimate video conference or a normal Twitter account could be entirely fake.

He specifically advised users to avoid Zoom links from others and to download program plugins only from official channels. He also urged them never to click “upgrade” links that appear in pop-up windows.

Sun expressed his gratitude to the Venus team for their swift action in preventing further damage. He urged everyone to “always be suspicious of any requests you receive in daily life, and always respond calmly.”

Source: https://beincrypto.com/anatomy-of-the-venus-protocol-whale-hack/
