Venus Protocol User Loses $27M in Phishing Attack on BNB Chain

BNB Chain Wallet Drained Amid Venus Protocol Attack

A dramatic phishing incident on BNB Chain drained a Venus Protocol user of nearly $27 million in digital assets. Security firm PeckShield confirmed that the attack was specifically targeted at a single wallet, and did not target Venus Protocol's smart contracts.

On-chain analysis showed that the victim signed an unauthorized transaction that gave the attacker's address unlimited access. With control established, the attacker immediately moved assets to their own wallet, which still contains more than $27.1 million.

https://x.com/PeckShieldAlert/status/1962811018268287096

The total amount of funds stolen was around 769M vUSDT (valued at $19.8 million) and 276M vUSDC (valued at $7.1 million). Other funds that were withdrawn during the theft include Binance-Peg ETH, XRP, vETH, and 285 BTCB.

This Venus Protocol of attack is a typical vulnerability that uses user approvals to attack. Once issued, token transfers can be carried out without additional confirmation, which leaves victims with few options. 

Phishing Scams and Smart Contract Exploits Strike DeFi

Venus Protocal phishing attack came at the same time as another major one involving decentralized trading platform Bunni on Ethereum. According to security firm BlockSec, Bunni lost about $2, 300, 000 as a result of flaws in its smart contracts.

The attackers stole $1.33M USD Coin (USDC) and $1.04 million Tether USDT, with stolen assets traced to an attacker's wallet almost immediately. While the specific exploit mechanism has not been disclosed, the breach highlights the technical vulnerabilities that still exist in DeFi protocols.

Both cases underscore the dynamic nature of threats in the decentralized finance space, where phishing attacks and smart contract vulnerabilities remain a risk to user funds. 

Security analysts report that attackers are more likely to launch attacks during times of increased traffic to the Venus Protocol platform. 

Venus Protocol recently advertised its Prime Rewards program, and these kinds of campaigns can give attackers opportunities to scam users looking for new ways to earn yields. 

Crypto Exploits Reach $163M in August

PeckShield stated that there were 16 large crypto exploits recorded in August 2025, and the losses reached $163 000, 000, an increase of 15% compared to $142M in July 2025. The report put the Venus Protocal phishing case and the Bunni exploit in the context of a whole month of security failures.

The most high-profile case saw a Bitcoin holder lose $91.4 million, while Turkish exchange BtcTurk suffered its second major breach in just over a year, losing $54 000. With cumulative losses of over $100 million, BtcTurk continues to be one of the hardest-hit platforms in the world.

Other heists included $7 000, 000 from ODIN•FUN, $5M from BetterBank.io and $4, 500, 000 from CrediX Finance. These statistics highlight the magnitude of risk in digital asset markets and the ongoing presence of advanced attackers.

The Venus Protocal case is notable because it was a user (rather than protocol infrastructure) that was compromised, highlighting the fact that wallet-level compromises can have the same magnitude of impact as protocol hacks. As large holders tend to be the biggest targets, DeFi remains prone to user-side scams, as well as technical exploits.