BNB Chain Users Lose $13.5 Million in Venus Protocol Phishing Scam

A phishing scam on BNB Chain resulted in losses of approximately $13.5 million on Venus Protocol, prompting a temporary suspension of operations. The attack was not a protocol exploit but a phishing scheme that deceived the victim into approving a malicious transaction. Venus Protocol resumed operations after confirming its smart contracts remained secure, but the incident highlights the unique risks faced by DeFi users and the need for education and vigilance.

A recent phishing scam on the BNB Chain has resulted in a significant loss of approximately $13.5 million for a user of Venus Protocol. The incident, which occurred on September 2, 2025, highlights the ongoing risks faced by decentralized finance (DeFi) users and the importance of vigilance and education [1].

Venus Protocol, a prominent DeFi lending platform, confirmed that its smart contracts remain secure following the attack. However, a user was tricked into approving a malicious transaction, which allowed an attacker to drain stablecoins and wrapped assets from their wallet [1]. The user's wallet address, 0x7fd8…202a, received unauthorized approvals of tokens, providing the attacker with direct access to millions in assets [1].

The initial report by PeckShield indicated that $27 million was stolen, but this figure was later corrected to $13.5 million after considering the user's debt position. The stolen funds consisted of $19.8 million in Venus USDT, $7.15 million in Venus USDC, and smaller amounts in Venus XRP and Venus ETH [1]. The attacker's wallet, containing the stolen assets, remains untouched, and no attempts to launder or transfer the tokens have been noticed [1].

Venus Protocol temporarily halted its operations to conduct internal security checks. In a public statement, the protocol said, "Venus is currently paused after security protocols were initiated. We will keep you all updated." Moderators also confirmed on Telegram that engineers are conducting in-depth checks [1].

The incident underscores the risks associated with token approvals in DeFi applications. Markets analyst Crypto Jargon warned, "One bad approval and boom, you’re done." Another researcher emphasized the need for users to revoke unused token permissions regularly [1].

This is not an isolated case. On the same day, the Ethereum-based platform Bunni was exploited for $2.3 million, and crypto scams have surged, with CertiK reporting $410 million lost to phishing attacks in 132 incidents [1]. Hacken estimates that phishing-related crypto thefts have reached $600 million [2].

Venus Protocol, despite the incident, continues to be a significant player in the DeFi lending space. It has a total value locked (TVL) of over $1.86 billion, down from its peak of $6.5 billion in 2021. The platform supports services on multiple blockchains, including BNB Chain, Ethereum, Arbitrum, and zkSync [1].

The Venus native governance token, XVS, briefly declined more than 5% after the news but has since rebounded to $6.14. However, it is still far from its 2021 all-time high of $147.02 [1].

Despite the setback, Venus Protocol remains committed to its mission in the DeFi lending space. The incident serves as a reminder of the unique risks faced by DeFi users and the importance of education and vigilance.

References:
[1] https://www.mexc.co/en-IN/news/venus-protocol-user-loses-13-5m-in-bnb-chain-phishing-scam/82576
[2] https://cryptonews.com/news/venus-protocol-user-loses-13-5m-to-a-suspected-phishing-scam-on-bnb-chain/