Venus Protocol User Loses $27M in Phishing Attack, Platform Pauses Operations

DeFi's 'security' takes another $27 million hit as Venus Protocol gets blindsided by sophisticated phishing attack.

The Breach Breakdown

Some crafty digital pickpocket just walked away with a cool $27 million from a single Venus Protocol user—proof that even in decentralized finance, human error remains the weakest link. The platform's response? Hit the emergency pause button faster than a trader dumping tokens after a vague tweet.

Operations Frozen, Questions Thawed

Venus Protocol's temporary shutdown screams damage control—freezing everything while they untangle how someone bypassed their safeguards. Because nothing says 'trustless' like needing to stop the whole system when things go sideways.

Just another day in crypto—where you can lose life savings faster than you can say 'not your keys, not your coins,' but somehow the only thing decentralized is the blame.

DeFi platforms are under increasing pressure as hackers find new ways to exploit vulnerabilities. Recent incidents have sent shockwaves through the crypto community, raising concerns about security and user safety.

Venus Protocol Account Loses $27M

A major account on the Venus Protocol, a leading lending platform on the BNB Chain, was compromised, losing about $27 million in a hack. Blockchain analysts believe the user’s interaction with the Core Pool Comptroller contract allowed attackers to steal tokens like vUSDC and vETH.

The stolen funds from Venus Protocol are still stuck in the attacker’s contract. Blockchain security firms Cyvers Alerts and Peckshield flagged the suspicious activity.

#PeckShieldAlert A user of @VenusProtocol has been drained ~$27M in crypto after falling for a #phishing scam.
The victim approved a malicious transaction, granting token approval to the attacker's address (0x7fd8…202a) for asset transfer. pic.twitter.com/NwkVlDxxOZ

$27M Drained in Social Engineering Attack

The victim unknowingly approved a malicious transaction, giving the attacker’s wallet full access to their tokens, including $19.8M in vUSDT, $7.15M in vUSDC, $146K in vXRP, $22K in vETH, and even 285 BTCB. 

Crypto Jargon notes that this was purely a social engineering attack, showing how one careless approval can drain a fortune instantly. He emphasized staying SAFE online by avoiding random links, double-checking transactions, revoking approvals regularly, and using hardware wallets.

Venus Protocol Paused For Precaution

Venus Protocol confirmed that a user’s wallet was drained, but the platform’s smart contracts remain secure. The protocol has been paused as a precaution while the team investigates the incident.

To clarify, Venus Protocol has NOT been exploited. A user has been attacked. Smart contract is safe. https://t.co/ijgelbgVQE

The team also clarified that Venus itself has not been exploited and assured the community that they are actively monitoring the situation. 

Venus’s token XVS has dropped to $5.97, down 6% in the last 24 hours. 

Bunni Exchange Hit by $2.4M Exploit

Meanwhile, decentralized exchange Bunni also suffered a $2.4 million exploit today. Attackers manipulated its Ethereum-based smart contracts, draining funds to a wallet holding $1.33M in USDC and $1.04M in USDT.

#CertiKInsight

We have identified a $2.3M exploit on the @bunni_xyz BunniHub contract.https://t.co/lZB0vzSMQx

The exploiter has exfiltrated funds to 0xe04efd87f410e260cf940a3bcb8bc61f33464f2b.

Stay Vigilant!

All smart contract functions have been paused as a precaution while the team investigates. These two incidents highlight the biggest risks in DeFi: users falling for scams and vulnerabilities in smart contracts.

Crypto hacks have surged in August, with $163 million stolen across 16 attacks. Cybersecurity experts warn that hackers are shifting focus to exchanges and wealthy individuals, signaling rising threats in the booming market.