Venus Protocol user loses $27 million to phishing scam
The losses were due to a compromised wallet, not a vulnerability in the Venus Protocol. On the same day, hackers attacked the DeFi platform Bunni for $2,3 million
02.09.2025 - 13:45
295
2 min
0
Key points:
- A Venus Protocol user lost $27 million as a result of phishing.
- VUSDT and VUSDC tokens were stolen, and the funds remain in the attacker’s wallet.
- On the same day, the Bunni protocol was attacked, losing $2,3 million.
According to PeckShield, the attack on Venus Protocol was not related to a vulnerability in smart contracts. The hackers used phishing: the victim confirmed a transaction that gave the attacker full control over the wallet’s assets.
The hackers gained access to the Venus user’s wallet and transferred the assets to their address, where more than $27,1 million is still stored.
Losses in numbers
Most of the stolen funds were stablecoins. Hackers withdrew approximately 769 million Venus USDT tokens (approximately $19,8 million) and 276 million Venus USDC (approximately $7,1 million). Additionally, smaller amounts of Binance-Peg ETH, XRP, and BTCB were stolen, bringing the total damage to $27,1 million.

Venus Protocol in the BNB ecosystem
Venus remains one of the largest lending platforms on the BNB blockchain. The protocol allows users to deposit assets (stablecoins, ETH, BTCB, etc.) to earn interest, and borrowers to take out collateralized loans.
Related incident: Bunni hack
On the same day, the decentralized trading platform Bunni on Ethereum lost about $2,3 million.

According to BlockSec, the problem is related to a vulnerability in smart contracts. The stolen funds remain under the control of the attackers — about $2,37 million in USDC and USDT.
Useful material?
Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Telegram
Twitter