Venus Protocol's Core Pool Exploited for $27 Million on BNB Chain
Venus Protocol temporarily paused operations after a phishing attack drained user funds, though experts confirm the protocol itself was not compromised and investigations into the sophisticated scheme continue.
On September 2, Venus Protocol suspended its platform after a user lost nearly $27 million in a targeted phishing incident. Security firm Cyvers reported stolen assets including $19.8 million vUSDT, $7.15 million vUSDC, $146,000 vXRP, $22,000 vETH, and 285 BTCB. Experts clarified Venus Protocol’s smart contracts were not exploited; instead, the victim unknowingly signed a malicious approval transaction granting attackers access. SlowMist founder Yu Xian suggested possible poisoning attacks and sophisticated funding methods, while noting the actual losses may be under $20 million. Venus Protocol confirmed investigations are ongoing and security measures were activated to protect the platform.
- Venus Protocol: A decentralized lending and borrowing protocol built on the BNB Chain that allows users to supply collateral and earn interest, or borrow assets.
- Phishing Attack: A cybercrime where attackers impersonate legitimate entities to trick individuals into revealing sensitive information, such as private keys or approving malicious transactions.
- Approval Transaction: A blockchain operation where a user grants permission for a contract to spend tokens from their wallet, which can be exploited if malicious.