A Binance Smart Chain user lost $13.5 million in a phishing attack after approving a malicious transaction, security firms and the victim say. Initial estimates put losses at $27 million, but PeckShield revised that figure after excluding the user’s debt position.
Early reports mistakenly suggested the Venus Protocol was compromised because the stolen assets were held in Venus-wrapped USDT and USDC. Venus Protocol and security firms Cyvers and PeckShield confirmed the protocol itself was not breached, meaning other users’ funds were not affected.
Venus and multiple security partners—including Binance Security, HexaGate, ChaosLabs and ZeroShadow—are working with the victim to trace and recover tokens still sitting in the attacker’s wallet. A protocol-level safety mechanism triggered and was briefly paused, which appears to have blocked some token movements.
Early analysis from ZeroShadow suggests the “attack fingerprint” points to actors linked to the Democratic People’s Republic of Korea. North Korean groups such as Lazarus have been tied to large crypto thefts before, underscoring a persistent state-backed threat in the space.
Phishing scams mimic trusted sites and trick users into signing malicious approvals—often during airdrops or token launches. Users should treat random approval requests with suspicion, avoid unfamiliar links, use hardware wallets, and regularly revoke token approvals. Even high-value users remain vulnerable, and recovered funds are not guaranteed.
Source: Decrypt. Read the original coverage for full details.