Fears of $27M Venus Protocol hack turn out to be phishing attack on power user

Alarm bells rang across the decentralized finance (DeFi) community this morning, following suspicious withdrawals from Venus Protocol, the top lending platform on Binance’s BNB Chain.

In what was initially thought to be an eight-figure hack, the transaction was flagged by Defimon Alerts, a Telegram channel that monitors suspicious movements across the DeFi sector.

However, further inspection from blockchain security experts revealed that the losses came from an individual user who had fallen victim to a phishing attack.

The “whale” user had signed a malicious delegation transaction, granting the attacker’s contract control over their deposited funds.

#PeckShieldAlert A user of @VenusProtocol has been drained ~$27M in crypto after falling for a #phishing scam.
The victim approved a malicious transaction, granting token approval to the attacker's address (0x7fd8…202a) for asset transfer. pic.twitter.com/NwkVlDxxOZ
— PeckShieldAlert (@PeckShieldAlert) September 2, 2025

Peckshield has since corrected its loss estimate to $13.5 million, which takes into account the remaining debt associated with the user’s position.

Venus confirmed that the “smart contract is safe” and that the platform “is currently paused following security protocols” while it finishes investigations.

An emergency vote was put to the Venus community, proposing to force-liquidate the hacker’s position, which cannot currently be withdrawn while the protocol remains paused.

The vote passed, with 100% of votes cast in favor.

Venus Protocol holds approximately $1.9 billion worth of assets, almost all on BNB Chain, according to data from DeFiLlama.

As is often the case following such security incidents, plenty are monitoring the attacker’s address to see if they move funds or if they’re willing to enter into negotiations.

One user took advantage of the guaranteed audience to serenade chain-checkers with a rendition of a Rick Astley classic via transaction input data.

A look back at Venus’ inhospitable environment

Members of the DeFi community were quick to fear the worst, given Venus’ less-than-stellar track record over the past few years.

Most recently, a “donation attack” left the protocol’s ZKSync deployment with close to a million dollars of bad debt.

The @VenusProtocol incurred $902K in bad debt from an oracle manipulation attack that nobody saw coming… except everyone should have.

Let's dive into how a well-documented ERC-4626 vulnerability continues to drain millions from DeFi protocols despite clear warning signs. pic.twitter.com/X6VzTmQuoT
— Yoni (@YoniKesel) March 29, 2025

Venus lost approximately $680,000 from “community managed budgets” following a social engineering attack in November of last year. Hot wallets were drained via a “Zoom hijack” whilst team members believed they were on a business development call.

In October 2022, Venus was caught up in the almost $600 million BNB bridge hack, when stolen BNB tokens were used to borrow stablecoins from the platform. The attacker was able to bridge over $100 million of borrowed funds to other networks before validators halted the network.

In the fallout of Do Kwon’s Terra/LUNA implosion, Venus was left with $14 million of bad debt, causing a suspension of the oracle used by Venus.

And in what now seems ancient history for DeFi, price manipulation of the platform’s XVS governance token in 2021 saw $100 million of bad debt accumulated, according to a report from QuillAudits.

The official incident report, published at the time, has since been taken offline.

It’s fair to say that it hasn’t exactly been plain sailing so far for Venus Protocol. At least today it wasn’t its own fault.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.