A Venus Protocol user has lost $13.5 million to a suspected phishing scam that occurred through the BNB Chain native money market.
According to a PeckShield Security alert, the victim approved a malicious transaction and granted token approval to the attacker’s address (0x7fd8…202a), which facilitated the asset transfer.
PeckShield initially reported $27 million in assets drained, but later found the exact figure was approximately $13.5 million, as the initial estimates did not exclude the attacker’s debt position.
The stolen assets are still held in the hacker’s wallet address and haven’t been converted to other tokens or made any move towards cashing out.
Venus Protocol Confirms: “User Attacked, Smart Contract Safe”
Venus Protocol’s official X account broke its silence and told the community that they are actively investigating the suspicious transaction.
According to the statement, “Venus is currently paused following security protocols. We will keep you all updated as soon as we know more.“
Minutes later, the protocol confirmed that Venus Protocol has NOT been exploited, but a user of the protocol was attacked, meaning the user fell victim to a phishing attack while Venus’ smart contract was not compromised.
The Venus native governance token XVS sharply fell by over 5% following news of the attack and has slightly recovered to $6.01 at press time.
Source: CoinMarketCap
The token has lost most of its value since launching around $2.07 in 2020, now down 95.9% after reaching a peak of $147.02 in May 2021.
Venus functions as a DeFi money market that simplifies borrowing, lending, and minting stablecoins on the BNB Chain.
According to data from DefiLlama, Venus Protocol boasts over $1.86 billion in total value locked (TVL) on its DeFi platform, down from over $6.5 billion TVL at its peak in 2021, making it a core part of BNB Chain’s DeFi ecosystem.
When it comes to fees generated on Binance Smart Chain (formerly BNB Chain), Venus Protocol generates the second-most cumulative fees of over $137 million, only bettered by PancakeSwap with over $3.2 billion.
Source: DefiLlama
BNB Chain’s Security Streak Broken After Months of Quiet
With the Venus Protocol incident, now confirmed, it marks the first major attack on BNB Chain in some time, aside from the liquidity manipulation that occurred in March with Four.Meme, a popular meme token launch platform on Binance’s BNB Chain.
CertiK’s analysis revealed that the Four.Meme attacker leveraged a method known as a sandwich attack to ultimately siphon approximately 125 BNB ($80,000).
The only other major attacks on BNB Chain date back over two years, including the infamous Binance hack in 2022, which saw over two million BNB tokens worth over $570 million stolen.
In 2024, Bankroll Status, a BNB Chain-based decentralized finance (DeFi) platform, suffered a significant breach resulting in a $230,000 loss.
The hacking tactics appeared to follow the same pattern used in previous DualPools attacks.
According to a recent joint report from BNB Chain and Hacken, a trusted blockchain security auditor, there has been a 70% drop in losses from $161 million in 2023 to $47 million in 2024.
Source: Hacken
Similarly, total financial losses on BNB Chain due to security incidents are down 87% year-over-year to $9.2 million.
Q2 2024 reported 35 security incidents, a significant decrease from the 115 incidents recorded in Q1 2023.
This decline primarily resulted from BNB Chain’s enhanced security measures and constant efforts to safeguard its ecosystem.
The post Venus Protocol User Loses $13.5M to a Suspected Phishing Scam on BNB Chain appeared first on Cryptonews.
