BNB Chain Users Lose $13.5 Million in Venus Protocol Phishing Scam
PorAinvest
miércoles, 3 de septiembre de 2025, 3:16 am ET2 min de lectura
BNB--
Venus Protocol, a prominent DeFi lending platform, confirmed that its smart contracts remain secure following the attack. However, a user was tricked into approving a malicious transaction, which allowed an attacker to drain stablecoins and wrapped assets from their wallet [1]. The user's wallet address, 0x7fd8…202a, received unauthorized approvals of tokens, providing the attacker with direct access to millions in assets [1].
The initial report by PeckShield indicated that $27 million was stolen, but this figure was later corrected to $13.5 million after considering the user's debt position. The stolen funds consisted of $19.8 million in Venus USDT, $7.15 million in Venus USDC, and smaller amounts in Venus XRP and Venus ETH [1]. The attacker's wallet, containing the stolen assets, remains untouched, and no attempts to launder or transfer the tokens have been noticed [1].
Venus Protocol temporarily halted its operations to conduct internal security checks. In a public statement, the protocol said, "Venus is currently paused after security protocols were initiated. We will keep you all updated." Moderators also confirmed on Telegram that engineers are conducting in-depth checks [1].
The incident underscores the risks associated with token approvals in DeFi applications. Markets analyst Crypto Jargon warned, "One bad approval and boom, you’re done." Another researcher emphasized the need for users to revoke unused token permissions regularly [1].
This is not an isolated case. On the same day, the Ethereum-based platform Bunni was exploited for $2.3 million, and crypto scams have surged, with CertiK reporting $410 million lost to phishing attacks in 132 incidents [1]. Hacken estimates that phishing-related crypto thefts have reached $600 million [2].
Venus Protocol, despite the incident, continues to be a significant player in the DeFi lending space. It has a total value locked (TVL) of over $1.86 billion, down from its peak of $6.5 billion in 2021. The platform supports services on multiple blockchains, including BNB Chain, Ethereum, Arbitrum, and zkSync [1].
The Venus native governance token, XVS, briefly declined more than 5% after the news but has since rebounded to $6.14. However, it is still far from its 2021 all-time high of $147.02 [1].
Despite the setback, Venus Protocol remains committed to its mission in the DeFi lending space. The incident serves as a reminder of the unique risks faced by DeFi users and the importance of education and vigilance.
References:
[1] https://www.mexc.co/en-IN/news/venus-protocol-user-loses-13-5m-in-bnb-chain-phishing-scam/82576
[2] https://cryptonews.com/news/venus-protocol-user-loses-13-5m-to-a-suspected-phishing-scam-on-bnb-chain/
ETH--
USDC--
A phishing scam on BNB Chain resulted in losses of approximately $13.5 million on Venus Protocol, prompting a temporary suspension of operations. The attack was not a protocol exploit but a phishing scheme that deceived the victim into approving a malicious transaction. Venus Protocol resumed operations after confirming its smart contracts remained secure, but the incident highlights the unique risks faced by DeFi users and the need for education and vigilance.
A recent phishing scam on the BNB Chain has resulted in a significant loss of approximately $13.5 million for a user of Venus Protocol. The incident, which occurred on September 2, 2025, highlights the ongoing risks faced by decentralized finance (DeFi) users and the importance of vigilance and education [1].Venus Protocol, a prominent DeFi lending platform, confirmed that its smart contracts remain secure following the attack. However, a user was tricked into approving a malicious transaction, which allowed an attacker to drain stablecoins and wrapped assets from their wallet [1]. The user's wallet address, 0x7fd8…202a, received unauthorized approvals of tokens, providing the attacker with direct access to millions in assets [1].
The initial report by PeckShield indicated that $27 million was stolen, but this figure was later corrected to $13.5 million after considering the user's debt position. The stolen funds consisted of $19.8 million in Venus USDT, $7.15 million in Venus USDC, and smaller amounts in Venus XRP and Venus ETH [1]. The attacker's wallet, containing the stolen assets, remains untouched, and no attempts to launder or transfer the tokens have been noticed [1].
Venus Protocol temporarily halted its operations to conduct internal security checks. In a public statement, the protocol said, "Venus is currently paused after security protocols were initiated. We will keep you all updated." Moderators also confirmed on Telegram that engineers are conducting in-depth checks [1].
The incident underscores the risks associated with token approvals in DeFi applications. Markets analyst Crypto Jargon warned, "One bad approval and boom, you’re done." Another researcher emphasized the need for users to revoke unused token permissions regularly [1].
This is not an isolated case. On the same day, the Ethereum-based platform Bunni was exploited for $2.3 million, and crypto scams have surged, with CertiK reporting $410 million lost to phishing attacks in 132 incidents [1]. Hacken estimates that phishing-related crypto thefts have reached $600 million [2].
Venus Protocol, despite the incident, continues to be a significant player in the DeFi lending space. It has a total value locked (TVL) of over $1.86 billion, down from its peak of $6.5 billion in 2021. The platform supports services on multiple blockchains, including BNB Chain, Ethereum, Arbitrum, and zkSync [1].
The Venus native governance token, XVS, briefly declined more than 5% after the news but has since rebounded to $6.14. However, it is still far from its 2021 all-time high of $147.02 [1].
Despite the setback, Venus Protocol remains committed to its mission in the DeFi lending space. The incident serves as a reminder of the unique risks faced by DeFi users and the importance of education and vigilance.
References:
[1] https://www.mexc.co/en-IN/news/venus-protocol-user-loses-13-5m-in-bnb-chain-phishing-scam/82576
[2] https://cryptonews.com/news/venus-protocol-user-loses-13-5m-to-a-suspected-phishing-scam-on-bnb-chain/
Divulgación editorial y transparencia de la IA: Ainvest News utiliza tecnología avanzada de Modelos de Lenguaje Largo (LLM) para sintetizar y analizar datos de mercado en tiempo real. Para garantizar los más altos estándares de integridad, cada artículo se somete a un riguroso proceso de verificación con participación humana.
Mientras la IA asiste en el procesamiento de datos y la redacción inicial, un miembro editorial profesional de Ainvest revisa, verifica y aprueba de forma independiente todo el contenido para garantizar su precisión y cumplimiento con los estándares editoriales de Ainvest Fintech Inc. Esta supervisión humana está diseñada para mitigar las alucinaciones de la IA y garantizar el contexto financiero.
Advertencia sobre inversiones: Este contenido se proporciona únicamente con fines informativos y no constituye asesoramiento profesional de inversión, legal o financiero. Los mercados conllevan riesgos inherentes. Se recomienda a los usuarios que realicen una investigación independiente o consulten a un asesor financiero certificado antes de tomar cualquier decisión. Ainvest Fintech Inc. se exime de toda responsabilidad por las acciones tomadas con base en esta información. ¿Encontró un error? Reportar un problema
Comentarios
Aún no hay comentarios