Ethereum News Today: DeFi User's $27M Loss Exposes Wallet Security's Critical Weakness

Generated by AI AgentCoin World
Tuesday, Sep 2, 2025 6:19 am ET2min read
BNB
--
ETH
--
USDC
--
XRP
--
Aime RobotAime Summary

- A Venus Protocol user lost $27M via phishing, with attacker controlling assets after malicious transaction approvals.

- Bunni DeFi platform reported $2.3M exploit from Ethereum smart contract vulnerabilities, highlighting systemic risks.

- Hackers leverage EIP-7702 upgrades to plant malicious contracts, targeting wallets with private key leaks pre-token launches.

- Incidents underscore urgent need for improved user education and multi-layered security protocols in DeFi ecosystems.

A

BNB
Chain-based user of the Venus Protocol has reportedly lost approximately $27 million in a phishing scam, according to on-chain data and security reports. The victim, associated with a major account (0x56…2008), appears to have approved a malicious transaction, granting an attacker control over the assets. Security firm PeckShield noted that the attacker’s wallet (0x7fd8…202a) now holds over $27.1 million in stolen funds, primarily in Venus
USDT
(VUSDT) and Venus
USDC
(VUSDC) tokens. The attack was not a direct exploit of Venus Protocol itself but rather a compromise at the wallet level through phishing, highlighting the vulnerabilities in user-side security practices [1].

The compromised account lost over 769 million VUSDT tokens valued at $19.8 million and 276 million VUSDC tokens valued at $7.1 million. Smaller amounts of other tokens, including Binance-Peg ETH,

XRP
, and BTCB, were also drained. PeckShield emphasized that once token approvals are granted, attackers can transfer assets without further user consent, often leaving victims with little to no recourse [1].

The incident occurred on the same day that another DeFi platform, Bunni, reported a separate exploit costing approximately $2.3 million. According to blockchain security firm BlockSec, the breach stemmed from vulnerabilities in Bunni’s Ethereum-based smart contracts. The stolen funds were traced to a wallet holding roughly $1.33 million in USDC and $1.04 million in USDT. While the exact method of the Bunni attack remains undisclosed, it underscores the growing risks associated with smart contract vulnerabilities [1].

A separate report from another source described the Venus Protocol exploit as involving the updating of a Core Pool Comptroller contract to a malicious address, which affected tokens such as vUSDC and vETH. This method of attack, if confirmed, suggests a different vector than the phishing scam reported by PeckShield. The funds remain in the attacker’s contract, and it is unclear whether they will be swapped or moved, raising concerns about the potential for a full-scale cash-out [2]. The Venus community has not yet issued an official statement, and security teams continue to monitor the situation [2].

The phishing attack serves as a reminder of the evolving tactics used by cybercriminals in the DeFi space. As more users deposit significant assets into protocols, the incentive for attackers to exploit vulnerabilities—both technical and user-side—continues to rise. PeckShield highlighted that phishing remains one of the most effective methods for attackers to gain unauthorized access to user funds. In the case of Venus, the user likely interacted with a malicious contract via a deceptive link or website, granting the attacker the necessary approvals to siphon assets [1].

Meanwhile, other DeFi platforms and token launches continue to face similar threats. Reports suggest that hackers are leveraging Ethereum's EIP-7702 upgrade to execute phishing exploits by pre-planting malicious contracts in victim wallets. This method, which requires private key leakage, allows attackers to quickly seize assets during transfers or deposits. The World Liberty Financial (WLFI) tokenholders, for example, have reported being affected by a variant of this exploit in the lead-up to their token launch [3].

These incidents collectively emphasize the need for stronger user education and improved security protocols in the DeFi ecosystem. Users are urged to verify all transaction approvals and ensure that they are interacting with verified smart contract addresses. Additionally, developers are being called upon to implement multi-layered security mechanisms to reduce the risk of both direct protocol exploits and wallet-level compromises.

Source: [1] Venus Protocol User Drained of $27M in Phishing Scam (https://www.cryptotimes.io/2025/09/02/venus-protocol-user-drained-of-27m-in-phishing-scam/) [2] BNB Chain-Based Venus Protocol Drained of $27M on Suspected Contract Compromise (https://www.coindesk.com/tech/2025/09/02/bnb-chain-based-venus-protocol-drained-of-usd27m-on-suspected-contract-compromise) [3] Hackers are using the 'classic EIP-7702' exploit to snatch ... (https://cointelegraph.com/news/wlfi-token-holders-falling-prey-classic-wallet-exploit)