Phishing Attack Exposes DeFi’s Human Vulnerability, Not Just Tech Flaws

Generated by AI Agent Coin World
Tuesday, Sep 2, 2025 2:35 pm ET

Summary

- Venus Protocol paused operations after a user lost $13.5M via a phishing attack, not due to smart contract flaws but malicious permissions granted during a deceptive transaction.

- The attack highlighted rising DeFi risks, with stolen assets remaining in the hacker’s wallet and XVS token dropping over 5% before partial recovery.

- 2025 mid-year crypto crime reports show $2.17B in losses, including $410M from phishing, as compromised wallets and AI-powered scams dominate threats.

- Experts warn phishing exploits are evolving, leveraging social engineering and AI to target users, urging stronger individual and platform-level security measures.

Venus Protocol, a decentralized finance (DeFi) lending platform on the BNB Chain, has suspended operations following a phishing attack that resulted in a $13.5 million loss for one of its users. The platform confirmed in a public statement on its official social media account that the attack was not due to a vulnerability in its smart contracts, but rather a result of the user granting malicious permissions during a deceptive transaction [1].

The incident was first reported by blockchain security firm PeckShield, which initially estimated the loss at $27 million but later revised the figure after factoring in the user’s debt position. A malicious transaction was approved by the victim, allowing the attacker to drain stablecoins and wrapped assets from their balance. The stolen assets remain in the hacker’s wallet and have not yet been liquidated or moved, according to PeckShield’s analysis [2].

Venus Protocol’s response included a temporary pause in protocol activity as it conducts a full security review. While the platform did not disclose the timeline for resuming operations, it emphasized its commitment to transparency, vowing to update the community as the investigation progresses. The incident has raised concerns among DeFi users, as it underscores the growing risk of phishing attacks in the sector. Venus Protocol’s native governance token, XVS, fell by over 5% following the announcement, though it has since recovered slightly to $6.01 at the time of reporting [2].

The attack has also highlighted broader trends in crypto security. In the first half of 2025, over $2.17 billion was lost to cyberattacks, wallet thefts, and AI-powered scams, with phishing scams alone accounting for $410 million in losses. According to CertiK’s Hack3d Report, personal wallet breaches are increasingly becoming a major source of crypto crime, with compromised wallets responsible for roughly $1.71 billion in losses across just 34 incidents [3].

The Venus Protocol incident is one of several high-profile attacks in early September 2025. On the same day, a phishing wallet exploit affected World Liberty Financial (WLFI) governance tokenholders, while decentralized exchange Bunni paused its smart contract functions following a $2.3 million loss [1]. These events are part of a pattern of rising crypto exploits as prices continue to climb, according to Kronos Research CEO Hank Huang [1].

Experts warn that as the DeFi and crypto markets expand, so too do the tactics used by cybercriminals. Phishing attacks, in particular, remain a persistent threat, with attackers leveraging AI and social engineering to impersonate legitimate entities. The Venus Protocol incident serves as a reminder of the importance of user vigilance and the need for robust security measures, both at the individual and platform levels [1].

Source:

[1] Venus Protocol user loses $13.5M to suspected phishing scam on BNB Chain as protocol confirms smart contract remains safe amid investigation. (https://finance.yahoo.com/news/venus-protocol-user-loses-13-130314538.html)

[2] Venus Protocol user suffers $13.5M loss from phishing attack. (https://cointelegraph.com/news/defi-trader-loses-27m-phishing-scam-venus-protocol-pauses)

[3] Crypto Crime Mid‑Year 2025: $2.17B Stolen and Counting. (https://changelly.com/blog/crypto-crime-midyear-2025-2-17b-stolen-and-counting)