Crypto User Loses $27M in Venus Protocol BNB Chain Exploit—Here’s What Went Wrong
Another day, another decentralized finance exploit—except this one costs a cool $27 million.
The Setup: Venus Protocol on BNB Chain gets hit by what appears to be a price oracle manipulation attack. No fancy zero-days, just old-school exploitation of lending logic.
The Impact: One user’s entire position—wiped. Liquidated. Gone. And the protocol’s native token? Tanks faster than a crypto influencer’s credibility.
The Irony: It’s almost poetic—a system designed to eliminate trust requires absolute trust in its code. And when that code has a hole, guess who ends up holding the empty bag?
Welcome to DeFi, where the yields are fake but the losses are very, very real.
Security platform confirms it’s not a Venus Protocol exploit
Some community members and reports had initially speculated that the incident was a direct attack on the DeFi protocol itself. However, cybersecurity company Cyvers clarified that the breach only affected the compromised wallet address 0x0455Ed2a52b6118A804Bb01cb8e144Dda7F75cB5, not the lending platform.
DeFi blogger and Pink Brains studio co-founder Ignas supported this view, writing that Venus “worked as intended,” and that the theft occurred because the attacker exploited pre-approved authorizations from the victim’s wallet.
“One bad approval and boom, you’re done. That’s the dark side of DeFi: open approvals are powerful, but also deadly if you’re not careful,” market trader and analyst Crypto Jargon wrote on X.
The researcher urged users to keep a close eye out for phishing attempts. “Don’t trust random links, double-check every transaction, and revoke approvals often,” they advised, also recommending hardware wallets instead of hot wallets.
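Revoking approvals often presupposes knowing which ones are still live. As an added example (not from the article or any project it names), the Python code below replays ERC-20 `Approval` event logs in the shape returned by `eth_getLogs` and lists the allowances an owner has granted and not yet revoked. The addresses and log entries are constructed, and it assumes the approvals in question are standard ERC-20 allowances.

```python
# Added example: list un-revoked ERC-20 approvals from Approval event logs.
# topic0 = keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1  # the "infinite approval" value many dapps request

def _addr(topic):
    """Indexed address topics are 32 bytes, left-padded; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner):
    """Return sorted (token, spender, amount, is_unlimited) for live approvals."""
    owner = owner.lower()
    latest = {}
    # Replay in chain order so a later approve() overrides an earlier one.
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if _addr(topics[1]) != owner:
            continue
        amount = int(log["data"], 16)
        key = (log["address"].lower(), _addr(topics[2]))
        if amount == 0:
            latest.pop(key, None)  # approve(spender, 0) is a revocation
        else:
            latest[key] = amount
    return sorted((t, s, a, a == UNLIMITED) for (t, s), a in latest.items())

def _log(block, idx, token, owner, spender, amount):
    """Build one constructed log entry in eth_getLogs shape."""
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(idx),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

# Constructed addresses and logs (not real wallets, tokens or contracts).
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
SPENDER_X, SPENDER_Y = "0x" + "c1" * 20, "0x" + "c2" * 20
SAMPLE_LOGS = [
    _log(120, 0, TOKEN_A, OWNER, SPENDER_Y, 0),          # revocation, listed out of order
    _log(100, 3, TOKEN_A, OWNER, SPENDER_X, UNLIMITED),  # never revoked
    _log(101, 1, TOKEN_A, OWNER, SPENDER_Y, 500),
    _log(105, 0, TOKEN_B, OWNER, SPENDER_X, 1000),
    _log(110, 2, TOKEN_B, OTHER, SPENDER_X, UNLIMITED),  # different owner
]

if __name__ == "__main__":
    for token, spender, amount, unlimited in outstanding_approvals(SAMPLE_LOGS, OWNER):
        print(token, spender, "UNLIMITED" if unlimited else amount)
```

Event-derived amounts are an upper bound, since spending through `transferFrom` does not always emit a new `Approval`; confirm each finding with the token's `allowance(owner, spender)` call before deciding what to revoke.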
On social media, some users are blaming the design of the Ethereum Virtual Machine (EVM) for enabling open token approvals. One user wrote on X, “When will people learn that EVM is a cancer to web3 and this is only possible on outdated chains?”
Others believe the hack falls solely on personal responsibility, arguing that investors should know phishing scams are one of the most effective attack vectors in decentralized finance. “Phishers are always watching,” wrote one commentator. “Bear markets starve them, bull markets feed them. Don’t be the next ‘lesson learned’ post.”
Meanwhile, the theft caused an immediate price fall for Venus’s native token XVS, which is down 1.6% in the last hour. The token fell by 5.75% in 24 hours, underperforming the 1.13% crypto market gain seen in the same period.
Despite the decline, Venus Protocol is one of the largest decentralized finance applications on the BNB Chain, holding about $2.7 billion in total value locked (TVL), according to DeFiLlama. At its peak, the platform managed more than $7 billion in assets.
Separate $2.3 million exploit hits Bunni
In a prior incident on Ethereum today, decentralized exchange Bunni was hit by a $2.3 million exploit. Blockchain security scanner Blocksec Phalcon identified the breach early in the morning, telling the community there was unauthorized access to the platform’s smart contracts.
According to Etherscan, funds were siphoned to an address beginning 0xE04e…64f2b, which now holds AAVE and Ethereum USDC and USDT tokens.
As reported by Cryptopolitan, shortly after the attack, at around 5:00 AM UTC, Bunni’s official X page confirmed the exploit and announced that it had paused all smart contract functions across networks as a precaution. “Our team is actively investigating and will provide updates soon,” the protocol wrote on X.