Highlights: Venus Protocol confirms smart contracts remain secure after phishing incident. The attacker drained $13.5M after malicious token approval. BNB Chain’s platform was halted while the investigation was ongoing. A decentralized finance (DeFi) user recently became a victim of a phishing attack that targeted the Venus Protocol on the BNB Chain. Blockchain security firm PeckShield initially flagged the suspicious activity and revealed that the victim had approved a malicious transaction. This gave an attacker the ability to transfer assets from the wallet without violating the Venus Protocol system. The attacker’s wallet, which is 0x7fd8…202a, received unauthorized approvals of tokens. This provided them with direct access to millions in assets. According to blockchain data, the stolen funds consisted of $19.8 million in Venus USDT, $7.15 million in Venus USDC, and smaller amounts in Venus XRP and Venus ETH. Early reports indicated that $27 million was stolen. However, PeckShield later corrected this to $13.5 million after taking into account the user’s debt position. The attacker’s wallet contains the stolen assets untouched. Moreover, no attempts to launder or transfer the tokens have been noticed. #PeckShieldAlert Correction The loss for the phished @VenusProtocol user is ~$13.5M.Initial estimates were higher as we did not exclude the debt position. https://t.co/k6JDDLOrP1 pic.twitter.com/3Wx8ufpvic — PeckShieldAlert (@PeckShieldAlert) September 2, 2025 Venus Protocol Confirms Smart Contract Remains Secure Despite initial concerns, Venus Protocol was able to verify that its smart contracts were not exploited. The attack affected one user’s wallet only because of malicious authorizations. The weakened address was 0x0455Ed2a52b6118A804Bb01cb8e144Dda7F75cB5. The protocol halted activity for the purpose of internal security checks. In a public statement, Venus Protocol said, “Venus is currently paused after security protocols were initiated. We will keep you all updated.” In addition, moderators also confirmed on Telegram that engineers are conducting in-depth checks. We are aware of the user wallet being drained (smart contract is safe) and are actively investigating. Venus is currently paused following security protocols. We will keep you all updated as soon as we know more. — Venus Protocol (@VenusProtocol) September 2, 2025 DeFi researchers raised awareness of the risk of token approvals in decentralized applications. “One bad approval and boom, you’re done,” markets analyst Crypto Jargon said. Another researcher added that users should revoke unused token permissions on a regular basis. Wider DeFi Security Breaches Emerge The Venus Protocol incident wasn’t an isolated case. On the same day, the Ethereum-based platform Bunni was exploited for $2.3 million. Crypto2Community reported that Bunni’s smart contracts were compromised and funds were moved to another suspicious address at 0xE04e…64f2b. #CertiKInsight We have identified a $2.3M exploit on the @bunni_xyz BunniHub contract.https://t.co/lZB0vzSMQx The exploiter has exfiltrated funds to 0xe04efd87f410e260cf940a3bcb8bc61f33464f2b. Stay Vigilant! — CertiK Alert (@CertiKAlert) September 2, 2025 These events have followed news of a surge in crypto scams. CertiK’s second mid-year report for 2025 indicated that $410 million was lost to phishing attacks in 132 attacks. According to another security firm, Hacken, phishing-related crypto thefts were estimated to have reached $600 million. In the case of the Venus Protocol, the user called an updateDelegate function, which authorized the attacker’s wallet. This move allowed a total drain of funds without violating the actual protocol. Venus Protocol later confirmed that the platform operated as planned. The platform’s governance token, XVS, briefly declined more than 5% after the news but then rebounded to $6.14. However, the token is still way off from its 2021 all-time high of $147.02. Despite this, Venus Protocol continues to be a significant player in the DeFi lending space. It has a total value locked (TVL) of over $1.86 billion, which is much lower than its peak of $6.5 billion. The platform supports services on BNB Chain, Ethereum, Arbitrum, zkSync, and more. eToro Platform Best Crypto Exchange Over 90 top cryptos to trade Regulated by top-tier entities User-friendly trading app 30+ million users 9.9 Visit eToro eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong. Highlights: Venus Protocol confirms smart contracts remain secure after phishing incident. The attacker drained $13.5M after malicious token approval. BNB Chain’s platform was halted while the investigation was ongoing. A decentralized finance (DeFi) user recently became a victim of a phishing attack that targeted the Venus Protocol on the BNB Chain. Blockchain security firm PeckShield initially flagged the suspicious activity and revealed that the victim had approved a malicious transaction. This gave an attacker the ability to transfer assets from the wallet without violating the Venus Protocol system. The attacker’s wallet, which is 0x7fd8…202a, received unauthorized approvals of tokens. This provided them with direct access to millions in assets. According to blockchain data, the stolen funds consisted of $19.8 million in Venus USDT, $7.15 million in Venus USDC, and smaller amounts in Venus XRP and Venus ETH. Early reports indicated that $27 million was stolen. However, PeckShield later corrected this to $13.5 million after taking into account the user’s debt position. The attacker’s wallet contains the stolen assets untouched. Moreover, no attempts to launder or transfer the tokens have been noticed. #PeckShieldAlert Correction The loss for the phished @VenusProtocol user is ~$13.5M.Initial estimates were higher as we did not exclude the debt position. https://t.co/k6JDDLOrP1 pic.twitter.com/3Wx8ufpvic — PeckShieldAlert (@PeckShieldAlert) September 2, 2025 Venus Protocol Confirms Smart Contract Remains Secure Despite initial concerns, Venus Protocol was able to verify that its smart contracts were not exploited. The attack affected one user’s wallet only because of malicious authorizations. The weakened address was 0x0455Ed2a52b6118A804Bb01cb8e144Dda7F75cB5. The protocol halted activity for the purpose of internal security checks. In a public statement, Venus Protocol said, “Venus is currently paused after security protocols were initiated. We will keep you all updated.” In addition, moderators also confirmed on Telegram that engineers are conducting in-depth checks. We are aware of the user wallet being drained (smart contract is safe) and are actively investigating. Venus is currently paused following security protocols. We will keep you all updated as soon as we know more. — Venus Protocol (@VenusProtocol) September 2, 2025 DeFi researchers raised awareness of the risk of token approvals in decentralized applications. “One bad approval and boom, you’re done,” markets analyst Crypto Jargon said. Another researcher added that users should revoke unused token permissions on a regular basis. Wider DeFi Security Breaches Emerge The Venus Protocol incident wasn’t an isolated case. On the same day, the Ethereum-based platform Bunni was exploited for $2.3 million. Crypto2Community reported that Bunni’s smart contracts were compromised and funds were moved to another suspicious address at 0xE04e…64f2b. #CertiKInsight We have identified a $2.3M exploit on the @bunni_xyz BunniHub contract.https://t.co/lZB0vzSMQx The exploiter has exfiltrated funds to 0xe04efd87f410e260cf940a3bcb8bc61f33464f2b. Stay Vigilant! — CertiK Alert (@CertiKAlert) September 2, 2025 These events have followed news of a surge in crypto scams. CertiK’s second mid-year report for 2025 indicated that $410 million was lost to phishing attacks in 132 attacks. According to another security firm, Hacken, phishing-related crypto thefts were estimated to have reached $600 million. In the case of the Venus Protocol, the user called an updateDelegate function, which authorized the attacker’s wallet. This move allowed a total drain of funds without violating the actual protocol. Venus Protocol later confirmed that the platform operated as planned. The platform’s governance token, XVS, briefly declined more than 5% after the news but then rebounded to $6.14. However, the token is still way off from its 2021 all-time high of $147.02. Despite this, Venus Protocol continues to be a significant player in the DeFi lending space. It has a total value locked (TVL) of over $1.86 billion, which is much lower than its peak of $6.5 billion. The platform supports services on BNB Chain, Ethereum, Arbitrum, zkSync, and more. eToro Platform Best Crypto Exchange Over 90 top cryptos to trade Regulated by top-tier entities User-friendly trading app 30+ million users 9.9 Visit eToro eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.