A trader on decentralised finance (DeFi) platform Venus Protocol has suffered a $13.5 million loss after falling victim to a phishing scam, according to blockchain security firm PeckShield. The incident prompted Venus Protocol to temporarily pause its platform while security checks were carried out, though the project confirmed the loss was not linked to flaws in its smart contracts.

How the Phishing Attack Unfolded

PeckShield initially reported that the trader had lost $27 million. However, the figure was later revised down to $13.5 million after the security company acknowledged it had not accounted for the user’s outstanding debt position.

The victim was tricked into approving a malicious transaction, giving the attacker access to stablecoins and wrapped assets stored in the wallet. Such scams, which involve impersonating legitimate services or platforms, remain one of the most common forms of crypto theft.

Venus Protocol’s Response

In a statement on X, Venus Protocol stressed that its contracts were unaffected and the incident stemmed from the trader’s error. “Right now, yes, that appears to be the case. We will keep everyone updated as we investigate,” the team said.

As a precautionary measure, Venus decided to pause its services while conducting a security review. The team sought to reassure users by underlining that there was no evidence of systemic risk or protocol vulnerabilities.

Growing Wave of Crypto Exploits

The Venus Protocol case is not an isolated event. Earlier this week, governance token holders of World Liberty Financial were hit by a phishing wallet exploit, according to SlowMist founder Yu Xian. Meanwhile, decentralised exchange Bunni paused its Ethereum-based smart contracts after identifying a security issue that led to estimated losses of $2.3 million.

The surge in attacks at the beginning of September follows a particularly damaging August, when hackers stole over $163 million across 16 separate incidents. Experts warn that such exploits tend to rise in frequency during periods of strong crypto price movements. Kronos Research chief executive Hank Huang noted that rising prices often attract increased criminal activity as hackers seek to exploit market optimism.

Ongoing Challenges for DeFi Security

The incident highlights once again the persistent risks faced by DeFi users, particularly from social engineering attacks like phishing. Unlike protocol exploits, these scams rely on human error, making them harder to prevent through technical measures alone.

Security analysts emphasise that traders must remain vigilant about transaction approvals and double-check the authenticity of links and communications. Despite significant progress in smart contract auditing and security tools, phishing remains a major vulnerability within the crypto ecosystem.