A BNB Chain-based Venus Protocol user has been drained of about $27 million in a phishing attack, according to on-chain data.
BSC transaction records show that a major account on the platform (0x56…2008) was likely compromised. Security firm PeckShield reported that the user appeared to approve a malicious transaction, giving the attacker control.
Funds were then moved to the attacker’s wallet (0x7fd8…202a), which still shows holdings worth more than $27.1 million.
Most of the stolen funds are in Venus USDT (VUSDT), with over 769 million tokens valued around $19.8 million. Another 276 million Venus USDC (VUSDC), worth about $7.1 million, was also drained. Smaller amounts of Binance-Peg ETH, XRP, and BTCB were included.
PeckShield stressed that this was not a direct exploit of Venus Protocol itself, but rather a wallet-level compromise through phishing. Once approvals are granted, attackers can transfer tokens without further consent, leaving victims little recourse.
Separate Bunni Exploit Costs $2.3M
On the same day, decentralized trading platform Bunni suffered a separate breach worth about $2.3 million.
Blockchain security firm BlockSec flagged the incident, pointing to flaws in Bunni’s Ethereum-based smart contracts. The stolen funds were traced to wallet 0xE04…64f2b, which currently holds roughly $1.33 million in USDC and $1.04 million in USDT. The exact attack method has not yet been disclosed.
Both the Venus phishing scam and the Bunni exploit highlight the biggest dangers in DeFi users falling for scams and loopholes in smart contracts. With more money flowing into the space, these threats aren’t going away anytime soon.
Note: This is a developing story. More details are anticipated.
Also Read: CertiK Flags Suspicious Activity in OLAXBT’s AIO Tokens
