{"id":50028,"date":"2025-09-02T15:41:35","date_gmt":"2025-09-02T12:41:35","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=50028"},"modified":"2025-09-02T15:46:47","modified_gmt":"2025-09-02T12:46:47","slug":"phishing-drains-27m-from-venus-user","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/phishing-drains-27m-from-venus-user\/","title":{"rendered":"Phishing drains $27m from Venus user"},"content":{"rendered":"<p>A user of the Venus lending platform on BNB Chain lost roughly $27m to a phishing attack, according to PeckShield.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> A user of <a href=\"https:\/\/twitter.com\/VenusProtocol?ref_src=twsrc%5Etfw\">@VenusProtocol<\/a> has been drained ~$27M in crypto after falling for a <a href=\"https:\/\/twitter.com\/hashtag\/phishing?src=hash&#038;ref_src=twsrc%5Etfw\">#phishing<\/a> scam.<br \/>The victim approved a malicious transaction, granting token approval to the attacker&#8217;s address (0x7fd8\u2026202a) for asset transfer. <a href=\"https:\/\/t.co\/NwkVlDxxOZ\">pic.twitter.com\/NwkVlDxxOZ<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1962811018268287096?ref_src=twsrc%5Etfw\">September 2, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Analysts said the victim approved a malicious transaction, granting the attacker permission to transfer tokens from the wallet.<\/p>\n<p>Cyvers corroborated the incident, stressing that phishing was the root cause.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8ALERT\ud83d\udea827M suspicious transaction has been detected involving a user of <a href=\"https:\/\/twitter.com\/VenusProtocol?ref_src=twsrc%5Etfw\">@VenusProtocol<\/a> on the <a href=\"https:\/\/twitter.com\/hashtag\/BNBChain?src=hash&#038;ref_src=twsrc%5Etfw\">#BNBChain<\/a> <br \/>The user unknowingly approved a malicious transaction, granting token permissions that resulted in the loss of $27M in digital assets.<\/p>\n<p>The stolen funds are currently held\u2026 <a href=\"https:\/\/t.co\/WekHEicyec\">pic.twitter.com\/WekHEicyec<\/a><\/p>\n<p>\u2014 \ud83d\udea8 Cyvers Alerts \ud83d\udea8 (@CyversAlerts) <a href=\"https:\/\/twitter.com\/CyversAlerts\/status\/1962814582579183709?ref_src=twsrc%5Etfw\">September 2, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Specialists said about $19.8m in Venus USDT (vUSDT) and $7.15m in Venus USDC (vUSDC) were siphoned from the wallet.<\/p>\n<p>The company said the incident was <a href=\"https:\/\/x.com\/VenusProtocol\/status\/1962827793420710035\">not related<\/a> to any vulnerability in the platform\u2019s smart contracts. Project representatives <a href=\"https:\/\/twitter.com\/VenusProtocol\/status\/1962823056092733864\">suggested<\/a> the trader made an error.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We are aware of the suspicious transaction and are actively investigating.<\/p>\n<p>Venus is currently paused following security protocols. We will keep you all updated as soon as we know more.<\/p>\n<p>\u2014 Venus Protocol (@VenusProtocol) <a href=\"https:\/\/twitter.com\/VenusProtocol\/status\/1962818760936759683?ref_src=twsrc%5Etfw\">September 2, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h2 class=\"wp-block-heading\">Community reaction<\/h2>\n<p>Ignas, the founder of Pink Brains, analysed the incident with ChatGPT. According to the AI, the attack was enabled by the wallet owner\u2019s carelessness.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">&#8216;Venus exploited for $40M&#8217; headline might be wrong.<\/p>\n<p>I tested AI limits by feeding ChatGPT Thinking model with the tx. It can the read the explorer!<\/p>\n<p>It says Venus worked as intended. If it&#8217;s true, I won&#8217;t need smart contract explanatooors anymore lol<\/p>\n<p>Anyway, the AI read into\u2026 <a href=\"https:\/\/t.co\/g6MXHhngBe\">pic.twitter.com\/g6MXHhngBe<\/a><\/p>\n<p>\u2014 Ignas | DeFi (@DefiIgnas) <a href=\"https:\/\/twitter.com\/DefiIgnas\/status\/1962813013834203644?ref_src=twsrc%5Etfw\">September 2, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Transaction analysis indicates the attacker exploited previously granted approvals to interact with a whale\u2019s wallet assets.<\/p>\n<p>The attack unfolded in several steps:<\/p>\n<ol class=\"wp-block-list\">\n<li>The hacker repaid the user\u2019s debt to unlock collateral.<\/li>\n<li>Using the approvals, the attacker borrowed USDC to their own address.<\/li>\n<li>They then withdrew vTokens to their wallet.<\/li>\n<\/ol>\n<p>The user\u2019s address was drained. Ignas noted that, if the AI\u2019s reading is correct, the incident underscores the importance of permission management for DeFi applications.<\/p>\n<p>He advised users to review and revoke unlimited or unused approvals across assets to reduce risk. He added that an AI\u2019s ability to parse transactions in a block explorer takes the technology to the \u201cnext level\u201d.<\/p>\n<p>A trader known as Crypto Jargon likewise said the user had granted unlimited access to tokens via a malicious approval.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">A Venus Protocol user just lost $27M in a single click. \ud83d\udea8<\/p>\n<p>Here\u2019s what happened:<br \/>They approved a shady transaction, unknowingly giving unlimited access to their tokens. Attacker\u2019s burner wallet (0x7fd8\u2026202a) didn\u2019t waste a second, assets got drained instantly.<\/p>\n<p>We\u2019re talking\u2026 <a href=\"https:\/\/t.co\/PVZmqJSXC0\">pic.twitter.com\/PVZmqJSXC0<\/a><\/p>\n<p>\u2014 Crypto Jargon (@Crypto_Jargon) <a href=\"https:\/\/twitter.com\/Crypto_Jargon\/status\/1962814485238030862?ref_src=twsrc%5Etfw\">September 2, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The expert urged caution and reiterated basic security rules:<\/p>\n<ul class=\"wp-block-list\">\n<li>do not click suspicious links;<\/li>\n<li>scrutinise every transaction before confirming;<\/li>\n<li>regularly revoke dapp approvals;<\/li>\n<li>use hardware wallets for large holdings.<\/li>\n<\/ul>\n<p>He also noted that scam activity typically rises in bull markets.<\/p>\n<h1 class=\"wp-block-heading\">Another incident<\/h1>\n<p>Decentralised exchange Bunni lost $2.3m to a smart-contract vulnerability on Ethereum. Blocksec analysts said the attacker withdrew $1.33m in USDC and $1.04m in USDT.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">ALERT! Our system detected a suspicious transaction targeting <a href=\"https:\/\/twitter.com\/bunni_xyz?ref_src=twsrc%5Etfw\">@bunni_xyz<\/a> \u2019s contract on <a href=\"https:\/\/twitter.com\/hashtag\/Ethereum?src=hash&#038;ref_src=twsrc%5Etfw\">#Ethereum<\/a>, and the loss is ~$2.3M. Please take actions ASAP.<\/p>\n<p>\u2014 BlockSec Phalcon (@Phalcon_xyz) <a href=\"https:\/\/twitter.com\/Phalcon_xyz\/status\/1962743751568433416?ref_src=twsrc%5Etfw\">September 2, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>A core Bunni developer urged users to withdraw funds immediately.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">If you have money on <a href=\"https:\/\/twitter.com\/bunni_xyz?ref_src=twsrc%5Etfw\">@bunni_xyz<\/a> remove it ASAP. <a href=\"https:\/\/t.co\/CXms5U19eZ\">https:\/\/t.co\/CXms5U19eZ<\/a><\/p>\n<p>\u2014 silent \u20b1 (@Psaul26ix) <a href=\"https:\/\/twitter.com\/Psaul26ix\/status\/1962751900522107011?ref_src=twsrc%5Etfw\">September 2, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The team confirmed the exploit. As a precaution, developers paused smart-contract functions across all networks and began an investigation.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8 The Bunni app has been affected by a security exploit. As a precaution, we have paused all smart contract functions on all networks. Our team is actively investigating and will provide updates soon. Thank you for your patience.<\/p>\n<p>\u2014 Bunni (@bunni_xyz) <a href=\"https:\/\/twitter.com\/bunni_xyz\/status\/1962773674634756450?ref_src=twsrc%5Etfw\">September 2, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In March, Venus developers reported a Binance oracle malfunction that led to a $274,000 loss.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A user of the Venus lending platform on BNB Chain lost roughly $27m to a phishing attack, PeckShield said.<\/p>\n","protected":false},"author":1,"featured_media":50029,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Venus user on BNB Chain loses about $27m after approving a phishing transaction, firms say.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,787,1787],"class_list":["post-50028","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-dex","tag-venus-planet"],"aioseo_notices":[],"amp_enabled":true,"views":"171","promo_type":"1","layout_type":"1","short_excerpt":"Venus user on BNB Chain loses about $27m after approving a phishing transaction, firms say.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/50028","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=50028"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/50028\/revisions"}],"predecessor-version":[{"id":50030,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/50028\/revisions\/50030"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/50029"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=50028"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=50028"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=50028"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}