Venus $13 Million Phishing Attack Victim Retrospective: Attack by Lazarus Hacker Group, Originating from a Spoofed Zoom Meeting Invitation

BlockBeats News, September 4th, EurekaTrading founder Kuan Sun tweeted a recap of his near $13 million loss due to a phishing attack:

On September 2, 2025, around $13 million in assets in his wallet were nearly stolen by the Lazarus hacking group. The security team took emergency action and ultimately recovered the funds.

The incident was initiated by what seemed like a normal Zoom meeting invitation, which was actually a carefully orchestrated phishing trap. The hacker used a "familiar stranger" relationship, deepfake video, and a forged Rabby plugin to tailor an attack to the victim Venus's position. By mistakenly trusting the fake plugin, a withdrawal was executed, exposing the assets to the risk of being transferred along with debt.

PeckShield, SlowMist, Venus, and multiple security teams swiftly responded, paused the protocol to investigate the risk, and ultimately prevented the fund theft. Hardware wallets are not foolproof; plugins and frontends are still vulnerable to hijacking. Zoom links, upgrade pop-ups, and "familiar stranger" relationships could all serve as attack vectors.