
Phishing drains $27m from Venus user
Venus user on BNB Chain loses about $27m after approving a phishing transaction, firms say.
A user of the Venus lending platform on BNB Chain lost roughly $27m to a phishing attack, according to PeckShield.
#PeckShieldAlert A user of @VenusProtocol has been drained ~$27M in crypto after falling for a #phishing scam.
The victim approved a malicious transaction, granting token approval to the attacker’s address (0x7fd8…202a) for asset transfer. pic.twitter.com/NwkVlDxxOZ
— PeckShieldAlert (@PeckShieldAlert) September 2, 2025
Analysts said the victim approved a malicious transaction, granting the attacker permission to transfer tokens from the wallet.
Cyvers corroborated the incident, stressing that phishing was the root cause.
🚨ALERT🚨27M suspicious transaction has been detected involving a user of @VenusProtocol on the #BNBChain
The user unknowingly approved a malicious transaction, granting token permissions that resulted in the loss of $27M in digital assets. The stolen funds are currently held… pic.twitter.com/WekHEicyec
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 2, 2025
Specialists said about $19.8m in Venus USDT (vUSDT) and $7.15m in Venus USDC (vUSDC) were siphoned from the wallet.
The company said the incident was not related to any vulnerability in the platform’s smart contracts. Project representatives suggested the trader made an error.
We are aware of the suspicious transaction and are actively investigating.
Venus is currently paused following security protocols. We will keep you all updated as soon as we know more.
— Venus Protocol (@VenusProtocol) September 2, 2025
Community reaction
Ignas, the founder of Pink Brains, analysed the incident with ChatGPT. According to the AI, the attack was enabled by the wallet owner’s carelessness.
‘Venus exploited for $40M’ headline might be wrong.
I tested AI limits by feeding ChatGPT Thinking model with the tx. It can read the explorer!
It says Venus worked as intended. If it’s true, I won’t need smart contract explanatooors anymore lol
Anyway, the AI read into… pic.twitter.com/g6MXHhngBe
— Ignas | DeFi (@DefiIgnas) September 2, 2025
Transaction analysis indicates the attacker exploited previously granted approvals to interact with a whale’s wallet assets.
The attack unfolded in several steps:
- The hacker repaid the user’s debt to unlock collateral.
- Using the approvals, the attacker borrowed USDC to their own address.
- They then withdrew vTokens to their wallet.
The user’s address was drained. Ignas noted that, if the AI’s reading is correct, the incident underscores the importance of permission management for DeFi applications.
He advised users to review and revoke unlimited or unused approvals across assets to reduce risk. He added that an AI’s ability to parse transactions in a block explorer takes the technology to the “next level”.
A trader known as Crypto Jargon likewise said the user had granted unlimited access to tokens via a malicious approval.
A Venus Protocol user just lost $27M in a single click. 🚨
Here’s what happened:
They approved a shady transaction, unknowingly giving unlimited access to their tokens. Attacker’s burner wallet (0x7fd8…202a) didn’t waste a second, assets got drained instantly. We’re talking… pic.twitter.com/PVZmqJSXC0
— Crypto Jargon (@Crypto_Jargon) September 2, 2025
The expert urged caution and reiterated basic security rules:
- do not click suspicious links;
- scrutinise every transaction before confirming;
- regularly revoke dapp approvals;
- use hardware wallets for large holdings.
He also noted that scam activity typically rises in bull markets.
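The advice to scrutinise every transaction and avoid unlimited approvals can be turned into a pre-signing check. The sketch below is an added example, not code from the article or from Venus: it decodes raw EVM calldata for the standard ERC-20/ERC-721 approval functions (a generalisation, since the article does not give the calldata involved) and flags unlimited grants and unknown spenders. The addresses, the allowlist and the `UNLIMITED_FLOOR` threshold are assumptions.

```python
# Added example: flag risky token-approval calls in raw EVM calldata before signing.
# Selectors are the standard 4-byte IDs; addresses and calldata are constructed samples.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UNLIMITED_FLOOR = 2**255  # assumption: amounts this large are treated as unlimited

def inspect_calldata(calldata_hex, trusted_spenders=frozenset()):
    """Return a findings dict for an approval call, or None for any other call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = APPROVAL_SELECTORS.get(data[:8])
    if signature is None:
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("approval calldata is truncated")
    if int(args[:24], 16) != 0:
        raise ValueError("address argument has non-zero padding")
    spender = "0x" + args[24:64]
    value = int(args[64:128], 16)
    is_operator = signature.startswith("setApprovalForAll")
    unlimited = value != 0 if is_operator else value >= UNLIMITED_FLOOR
    # Zero revokes, except for increaseAllowance, where adding zero changes nothing.
    revoke = value == 0 and not signature.startswith("increaseAllowance")
    warnings = []
    if unlimited:
        warnings.append("grants unlimited spending rights")
    if not revoke and spender not in trusted_spenders:
        warnings.append("spender is not on the allowlist")
    return {"function": signature, "spender": spender, "value": value,
            "unlimited": unlimited, "revoke": revoke, "warnings": warnings}

# Constructed sample inputs (not taken from the incident).
UNKNOWN_SPENDER = "0x" + "11" * 20
KNOWN_SPENDER = "0x" + "22" * 20

def encode_call(selector, spender, value):
    """Build ABI-encoded calldata for a two-argument approval call."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(value, "064x")

UNLIMITED_APPROVE = encode_call("095ea7b3", UNKNOWN_SPENDER, 2**256 - 1)
BOUNDED_APPROVE = encode_call("095ea7b3", KNOWN_SPENDER, 500 * 10**18)
REVOKE = encode_call("095ea7b3", UNKNOWN_SPENDER, 0)

if __name__ == "__main__":
    for sample in (UNLIMITED_APPROVE, BOUNDED_APPROVE, REVOKE):
        print(inspect_calldata(sample, trusted_spenders={KNOWN_SPENDER}))
```

A wallet or signing proxy would run a check like this on the calldata shown in the confirmation prompt; the `REVOKE` sample is the shape of the call that removes an existing allowance.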
Another incident
Decentralised exchange Bunni lost $2.3m to a smart-contract vulnerability on Ethereum. Blocksec analysts said the attacker withdrew $1.33m in USDC and $1.04m in USDT.
ALERT! Our system detected a suspicious transaction targeting @bunni_xyz ’s contract on #Ethereum, and the loss is ~$2.3M. Please take actions ASAP.
— BlockSec Phalcon (@Phalcon_xyz) September 2, 2025
A core Bunni developer urged users to withdraw funds immediately.
If you have money on @bunni_xyz remove it ASAP. https://t.co/CXms5U19eZ
— silent ₱ (@Psaul26ix) September 2, 2025
The team confirmed the exploit. As a precaution, developers paused smart-contract functions across all networks and began an investigation.
🚨 The Bunni app has been affected by a security exploit. As a precaution, we have paused all smart contract functions on all networks. Our team is actively investigating and will provide updates soon. Thank you for your patience.
— Bunni (@bunni_xyz) September 2, 2025
In March, Venus developers reported a Binance oracle malfunction that led to a $274,000 loss.