
A Venus Protocol user has lost approximately $27 million in digital assets after approving a malicious transaction that granted access to an attacker. The exploit took place on the BNB Chain, where the user’s wallet gave token approvals to an address identified as 0x7fd8…202a, allowing the attacker to transfer the funds.

Blockchain security firm PeckShield was the first to flag the activity on social platform X, sharing a snapshot of the hacker’s address on BscScan. 

The address now holds millions in stolen tokens, including about $19.8 million in Venus USDT (vUSDT), $7.15 million in Venus USDC (vUSDC), $146,000 in Venus XRP (vXRP), and more than $22,000 in Venus ETH (vETH). The attacker also seized 285 BTCB, Binance’s tokenized version of Bitcoin. 

Security platform confirms it’s not a Venus Protocol exploit

Some community members and reports had initially speculated that the incident was a direct attack on the DeFi protocol itself. However, cybersecurity company Cyvers clarified that the breach only affected the compromised wallet address 0x0455Ed2a52b6118A804Bb01cb8e144Dda7F75cB5, not the lending platform.

Venus Protocol hacker transaction from the victim’s address. Source: BscScan

DeFi blogger and Pink Brains studio co-founder Ignas supported this view, writing that Venus “worked as intended,” and that the theft occurred because the attacker exploited pre-approved authorizations from the victim’s wallet.

“One bad approval and boom, you’re done. That’s the dark side of DeFi: open approvals are powerful, but also deadly if you’re not careful,” market trader and analyst Crypto Jargon wrote on X.

The researcher urged users to keep a close eye out for phishing attempts. “Don’t trust random links, double-check every transaction, and revoke approvals often,” they advised, also recommending hardware wallets instead of hot wallets.
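As an added illustration of the "revoke approvals often" advice (this is example code written for this page, not from Venus, PeckShield or Cyvers), the sketch below replays a wallet's token `Approval` event logs and lists the allowances that are still open. It assumes the tokens emit the standard ERC-20/BEP-20 `Approval(owner, spender, value)` event and that logs arrive in `eth_getLogs` format; all addresses and log entries are constructed placeholders.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 1 << 255  # assumption: at or above this counts as "unlimited"

def topic_to_address(topic):
    # Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def open_approvals(logs, owner):
    """Replay Approval logs in chain order; return {(token, spender): allowance} still non-zero."""
    latest = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        # ERC-721 Approval has the same signature but 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        latest[(log["address"].lower(), topic_to_address(topics[2]))] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def risk_report(logs, owner, trusted_spenders=()):
    """List open approvals, flagging unlimited amounts and spenders not on the allowlist."""
    trusted = {s.lower() for s in trusted_spenders}
    return [{"token": t, "spender": s, "amount": a,
             "unlimited": a >= UNLIMITED_FLOOR, "trusted": s in trusted}
            for (t, s), a in sorted(open_approvals(logs, owner).items())]

# --- constructed sample data (placeholder addresses, not from the incident) ---
def _log(token, owner, spender, amount, block, index):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(index),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
KNOWN_SPENDER, UNKNOWN_SPENDER = "0x" + "cc" * 20, "0x" + "dd" * 20
MAX_UINT256 = (1 << 256) - 1
SAMPLE_LOGS = [
    _log(TOKEN_B, OWNER, UNKNOWN_SPENDER, MAX_UINT256, 200, 1),  # unlimited, never revoked
    _log(TOKEN_A, OWNER, KNOWN_SPENDER, 0, 150, 2),              # revocation (approve 0)
    _log(TOKEN_A, OWNER, KNOWN_SPENDER, MAX_UINT256, 100, 0),    # earlier unlimited approval
    _log(TOKEN_A, OWNER, UNKNOWN_SPENDER, 500, 160, 0),          # small capped approval
    _log(TOKEN_B, OTHER, UNKNOWN_SPENDER, 5, 201, 0),            # someone else's approval
]

if __name__ == "__main__":
    for row in risk_report(SAMPLE_LOGS, OWNER, trusted_spenders=[KNOWN_SPENDER]):
        print(row)
```

Event replay gives an upper bound, since many tokens do not emit `Approval` when `transferFrom` spends part of an allowance; confirm each flagged pair with the token's `allowance(owner, spender)` call before deciding what to revoke.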

On social media, some users are blaming the design of the Ethereum Virtual Machine (EVM) for enabling open token approvals. One user wrote on X, “When will people learn that EVM is a cancer to web3 and this is only possible on outdated chains?”

Others believe the hack falls solely on personal responsibility, arguing that investors should know phishing scams are one of the most effective attack vectors in decentralized finance. “Phishers are always watching,” wrote one commentator. “Bear markets starve them, bull markets feed them. Don’t be the next ‘lesson learned’ post.”

Meanwhile, the theft caused an immediate price fall for Venus’s native token XVS, which is down 1.6% in the last hour. The token fell by 5.75% in 24 hours, underperforming the 1.13% gain seen across the crypto market in the same period.

Despite the decline, Venus Protocol is one of the largest decentralized finance applications on the BNB Chain, holding about $2.7 billion in total value locked (TVL), according to DeFiLlama. At its peak, the platform managed more than $7 billion in assets.

Separate $2.3 million exploit hits Bunni

In a prior incident on Ethereum today, decentralized exchange Bunni was hit by a $2.3 million exploit. Blockchain security scanner Blocksec Phalcon identified the breach early in the morning, telling the community there was unauthorized access to the platform’s smart contracts.

According to Etherscan, funds were siphoned to an address beginning 0xE04e…64f2b, which now holds Aave and Ethereum USDC and USDT tokens.

As reported by Cryptopolitan, shortly after the attack, at around 5:00 AM UTC, Bunni’s official X page confirmed the exploit and announced that it had paused all smart contract functions across networks as a precaution. “Our team is actively investigating and will provide updates soon,” the protocol wrote on X.
