Venus Protocol, a major decentralized lending platform on BNB Chain, has fully restored operations after suspending withdrawals and liquidations in response to a significant exploit on September 2, 2025. The protocol confirmed on September 3 that all lost funds, initially estimated at $27 million (though some reports suggested $30 million), have been successfully recovered.
The incident originated from a malicious contract update that drained assets, including vUSDC and vETH, from the platform's Core Pool Comptroller contract. On-chain analysts flagged suspicious transactions routing user funds to a hacker's wallet, prompting Venus to immediately halt key functions. The protocol emphasized that the pause was necessary not just to secure the phished funds, but to conduct full security checks to ensure its front end was not compromised.
Despite the recovery and restoration of services, Venus' native token, XVS, remains down 2.69% over the past 24 hours following a sell-off during the incident. The protocol has committed to releasing a full post-mortem and expressed gratitude to the community for their support during this critical moment.