Victims of the $13 million Venus phishing attack, attributed to the Lazarus hacker group, recounted the incident, which originated from a fake Zoom meeting invitation.

According to Mars Finance, EurekaTrading founder Kuan Sun tweeted about a near-miss of $13 million in a phishing attack: On September 2, 2025, approximately $13 million in assets in his wallet were nearly stolen by the Lazarus hacker group. The security team scrambled to recover the funds. The incident stemmed from a seemingly normal Zoom meeting invitation, which turned out to be a carefully orchestrated phishing scam. The hackers leveraged "semi-acquaintances," deepfake videos, and a forged Rabby plugin to tailor their attacks to the victims' Venus positions. Withdrawals, misled by the fake plugin, put the assets at risk of being transferred with collateralized liabilities. PeckShield, SlowMist, Venus, and multiple security teams responded swiftly, suspending the protocol and conducting risk investigations, ultimately preventing the theft. Hardware wallets aren't foolproof; plugins and front-end hijacking remain a risk. Zoom links, update pop-ups, and even seldom-acquaintances can all serve as entry points for attacks.