One of the greatest drawbacks of cryptocurrencies is their vulnerability to scams and frauds, and in a recent incident, a BNB whale has lost $ 13.5 million in a phishing attack, an episode that briefly fueled the fears of a major hack of the protocol before being confirmed as an isolated case.
In short
- A BNB whale lost $ 13.5 million in a phishing attack targeting its account on Venus Protocol.
- Danny Cooper said Zeroshadow connected this attack scheme to North Korean hackers.
- Venus resumed its operations and withdrawals after the recovery of stolen funds.
Phishing and response from Venus Protocol
The victim in this case was a large user of Venus Protocol, a loan -finance loan platform. The account of this individual was emptied of around $ 13.5 million after he has, without knowing it, signed a malicious transaction. In doing so, he gave the striker permission to access his tokens and transfer them.
In response, Venus temporarily suspended his operations and remained in direct contact with the victim while efforts were made to recover the funds. The team stressed that the protocol itself had not been exploited and explained that the break was necessary, resuming operations too early could have allowed the attacker to seize the victim's assets.
The security company Blockchain Peckshieldalert reported that the victim Approved a malicious transaction Giving the attacker to the attacker (0x7FD8… 202A) permission to transfer their tokens. The register of this approval is visible publicly on BNB Chain.
North Korean security analysis and involvement
As the details emerged, Danny Cooper, community delegate for Venus, told Decrypt that the first conclusions of the Zeroshadow security company indicated a recognizable scheme. Their evaluation suggested that the methods used in this case strongly resembled those often associated with Hackers from the Democratic People's Republic of Korea.
These conclusions align with a broader trend, the North Korean cybernetic groups continuing to represent an active threat to the cryptocurrency sector. Binance said that it is facing a flood of false CVs daily coming from potential North Korean attackers.
Confinement and recovery
As soon as the suspect transfer has been identified, the Venus Protocol security system has entered action. The steps that followed were:
- The platform has been paused, which seemed to prevent the attacker from moving more the wrapped tokens from.
- Later in the day, Venus confirmed that all operations, including withdrawals and liquidations, had been restored at 9:58 p.m. UTC.
- Venus also announced that the stolen funds had been recovered. According to the security company Blockchain Peckshieldalert, this was made possible by the forced liquidation of the exploiter's position, which brought the assets under the control of Venus.
Wider impact of phishing in crypto
The case came to highlight a problem that extends far beyond a single incident. Phishing was one of the most damaging threats in the cryptocurrency industry in 2025. The certik security company reported that phishing attacks led to More than $ 410 million losses on 132 incidents During the first half of 2025.
About the same period, Hacken, another blockchain security company, recorded even higher losses$ 600 million, due to phishing and social engineering attacks targeting users.
The recovery of funds in this case was unusual, because many phishing incidents end with permanent losses for the victims. Nevertheless, this episode shows how phishing patterns continue to target individuals rather than protocols. By creating convincing copies of trust websites and leading users to approve harmful transactions, attackers can bypass technical protection measures and directly move the assets from the wallets.
Maximize your Cointribne experience with our 'Read to Earn' program! For each article you read, earn points and access exclusive rewards. Sign up now and start accumulating advantages.
