Venus $13 million phishing attack incident victim review: The attack was carried out by the Lazarus Hacker organization and originated from a disguised Zoom meeting invitation.
On September 4, Kuan Sun, the founder of EurekaTrading, tweeted about his near loss of $13 million due to a phishing attack: On September 2, 2025, approximately $13 million in assets from his Wallet were almost stolen by the Lazarus Hacker group. The security team acted urgently and ultimately recovered the funds. The incident stemmed from what appeared to be a normal Zoom meeting invitation, which was actually a carefully crafted phishing trap. The hacker tailored the attack against the victim's Venus Position using "acquaintance" relationships, deepfake videos, and a fake Rabby plugin. Under the false belief of the fake plugin operation, the victim executed a withdraw, putting their assets at risk of being transferred along with liabilities. PeckShield, SlowMist, Venus, and multiple security teams responded quickly, suspending the protocol and checking for risks, ultimately preventing the theft of funds. A hardware wallet is not foolproof; there are still risks of plugins and front-end hijacking. Zoom links, upgrade pop-ups, and acquaintance relationships can all become entry points for attacks.
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
Venus $13 million phishing attack incident victim review: The attack was carried out by the Lazarus Hacker organization and originated from a disguised Zoom meeting invitation.
On September 4, Kuan Sun, the founder of EurekaTrading, tweeted about his near loss of $13 million due to a phishing attack: On September 2, 2025, approximately $13 million in assets from his Wallet were almost stolen by the Lazarus Hacker group. The security team acted urgently and ultimately recovered the funds. The incident stemmed from what appeared to be a normal Zoom meeting invitation, which was actually a carefully crafted phishing trap. The hacker tailored the attack against the victim's Venus Position using "acquaintance" relationships, deepfake videos, and a fake Rabby plugin. Under the false belief of the fake plugin operation, the victim executed a withdraw, putting their assets at risk of being transferred along with liabilities. PeckShield, SlowMist, Venus, and multiple security teams responded quickly, suspending the protocol and checking for risks, ultimately preventing the theft of funds. A hardware wallet is not foolproof; there are still risks of plugins and front-end hijacking. Zoom links, upgrade pop-ups, and acquaintance relationships can all become entry points for attacks.