Venus Protocol, a leading DeFi lending platform on the BNB Chain, suffered a significant security incident on September 2, 2025, resulting in the loss of approximately $27 million in assets. Contrary to initial reports of a protocol exploit, on-chain analysis by security firm PeckShield confirmed that the attack was a phishing scheme targeting a large individual user's wallet, not the protocol's core contracts.
The attacker tricked the victim into granting malicious token approvals, which allowed the unauthorized draining of assets including vWBETH, vUSDT, vBNB, and other Venus-based tokens. The funds were transferred across multiple addresses within hours, complicating tracking efforts. The incident occurred while Venus was promoting its Prime Rewards program, though no direct link exists between the marketing push and the attack.
Venus Protocol emphasized that its core contracts remain secure and user deposits are unaffected. The native token XVS showed no immediate price crash, with analysts noting the limited systemic impact as this was a targeted phishing case rather than a protocol-level exploit. The event highlights ongoing security risks for large wallet holders ("whales") in DeFi, even on established platforms.
Security experts urge users to scrutinize approvals, use hardware wallets or multisig setups, and verify domains to avoid similar attacks. Venus is expected to enhance user education efforts, though the protocol has not yet issued a detailed official statement.