In a shocking phishing attack, North Korean-connected cybercriminals hit a BNB crypto whale to steal $13.5M in Binance coins, and now the XVS price could be in question – here’s why.
A major Venus Protocol user lost about $13.5M on Sept. 1 after a phishing attack targeted their positions. On-chain data and security reports confirmed the attack. It happened at 3:26 PM UTC.
Venus Protocol paused operations immediately after the incident. The platform said its smart contracts were still secure, and investigations are ongoing.
We are aware of the user wallet being drained (smart contract is safe) and are actively investigating.
Venus is currently paused following security protocols. We will keep you all updated as soon as we know more.
— Venus Protocol (@VenusProtocol) September 2, 2025
Was the BNB Hardware Wallet Really Safe from Phishing?
Security firm Beosin first reported losses of over $27M. Later, PeckShield revised the number to $13.5M. The initial figure included the user’s debt position. PeckShield said, “Initial estimates were higher as we did not exclude the debt position.”
Yu Xian, founder of SlowMist, said the user’s hardware wallet itself was secure. But attackers compromised the browser extension linked to it.
This gave them borrowing and redemption access to the user’s Venus Protocol holdings without the owner knowing. The case shows that hardware wallets can still be exposed if connected software is vulnerable. Even secure storage can fail against careful social engineering.
Analysis shows the attack was planned and well-funded. Gas fees came from Monero (XMR) exchanges and other funds traced back to eXch, a dark web exchange linked to North Korean hackers.
Xian said the whale was specifically targeted and it wasn’t a broad attack. The Venus Protocol frontend was likely safe while the event raises concerns about state-backed actors using phishing to go after high-value DeFi users.
Venus Protocol paused the platform to protect the remaining assets. The team confirmed direct contact with the affected user, and they said resuming too soon could have put more funds at risk. The protocol focused on user security rather than restarting operations quickly.
DISCOVER: 20+ Next Crypto to Explode in 2025
Is XVS Price Recovery Sustainable After Venus Protocol Phishing Attack?
According to Coinglass data, the market was mostly bullish between June and before the attack.
The positive and steady funding rate indicates that the XVS token is supported by the general trend of the derivatives traders primarily being geared towards making gains.
Although periods of bearishness were experienced, especially in mid-June, the general trend is that of a market with a long-term interest in long positions.
(Source – XVS Funding Rate, CoinGlass)
The XVS/USDT pair saw high volatility over the past 24 hours as XVS fell up to -9% after the attack, then partially recovered.
It briefly dropped below the $6.00 level before bouncing back above it. Currently, XVS trades at $6.11, up +0.58% on the 1-hour chart. Buyers tried to recover after a heavy sell-off.
(Source – XVS USDT, TradingView)
A large red Heikin Ashi candle on high volume shows a possible liquidation or panic selling. Prices briefly fell under $5.60 but bounced quickly.
This drop met strong buy-side support, and it could have been a liquidity grab or stop-hunt. Volume hit 3.23K, much higher than the usual hourly turnover.
Technically, the 50 EMA (red) and 100 EMA (blue) now act as resistance at $6.20 and $6.26. The price is below both EMAs, suggesting a short-term bearish trend.
The 100 EMA slope is flattening, showing that recent bullish momentum is fading. Before the attack, XVS price had been moving sideways to slightly downward since August. It repeatedly failed to break $6.50. The breakdown shows bears have short-term control.
Still, the fast swing around $6.00 indicates that buyers are protecting this level. The $6.00-$6.26 range is possibly a decision zone.
An upward move above the 100 EMA may lure momentum traders who want $6.40. A decline to below $6.00 may challenge recent lows of about $5.60.
This attack shows a common risk in DeFi: phishing scams that trick users into approving tokens. Attackers can drain funds until permissions are revoked. CertiK reports phishing caused $410M in losses across 132 cases in the first half of 2025. Hacken estimates social engineering and phishing cost $600M in the same period.
EXPLORE: Best Meme Coin ICOs to Invest in 2025
Join The 99Bitcoins News Discord Here For The Latest Market Updates
The post Is Binance Safu? North Korea Just Stole $13.5M in XVS Crypto Heist appeared first on 99Bitcoins.
