News
  • Nidhi Kolhapur
    author-profile
    Nidhi Kolhapur right arrow
    Author

    Nidhi is a Certified Digital Marketing Executive and Passionate crypto Journalist covering the world of alternative currencies. She shares the latest and trending news on Cryptocurrency and Blockchain.

    • author facebook
    • author twitter
    • linkedin
  • Reviewed by: Zafar Naik
    author profile
    Zafar Naik right arrow
    Reviewed

    Zafar is a seasoned crypto and blockchain news writer with four years of experience. Known for accuracy, in-depth analysis, and a clear, engaging style, Zafar actively participates in blockchain communities. Beyond writing, Zafar enjoys trading and exploring the latest trends in the crypto market.

    • 2 minutes read

    Don’t Fall for This DeFi Scam! Venus User Loses $27M in One Click

    Story Highlights
    • Venus Protocol lost $27M after a user fell victim to a social engineering attack

    • Bunni exchange suffered a $2.4M exploit via manipulated smart contracts.

    • Crypto hacks surged in August, totaling $163M across 16 attacks

    The DeFi space is facing another wave of attacks. Hackers are getting smarter, using social engineering tactics and smart contract weaknesses to steal millions.

    Two major incidents this week, one targeting a Venus Protocol account and another affecting Bunni exchange, have shaken the crypto community and sparked new fears over DeFi security.

    Venus Protocol Account Loses $27M

    A major account on the Venus Protocol, a leading lending platform on the BNB Chain, was compromised, losing about $27 million in a hack. Blockchain analysts believe the user’s interaction with the Core Pool Comptroller contract allowed attackers to steal tokens like vUSDC and vETH.

    The stolen funds from Venus Protocol are still stuck in the attacker’s contract. Blockchain security firms Cyvers Alerts and Peckshield flagged the suspicious activity.

    A Costly Social Engineering Trap

    This was not a typical exploit based on coding errors but a social engineering attack. The victim unknowingly approved a malicious transaction, giving the attacker full access to their wallet. The stolen assets included: $19.8M in vUSDT, $7.15M in vUSDC, $146K in vXRP, $22K in vETH, and even 285 BTCB. 

    Crypto analyst @Crypto Jargon notes that this was purely a “social engineering attack”, showing how one careless approval can drain a fortune instantly. He advised crypto users to avoid clicking unknown links, double-check transactions, revoke approvals regularly, and use hardware wallets whenever possible.

    Venus Responds 

    Venus Protocol confirmed the breach but reassured users that its smart contracts remain secure. The platform was paused as a precaution while the team investigates.

    They emphasized that Venus itself was not exploited and assured users that they are closely monitoring the situation. 

    Even with these reassurances, Venus’s governance token XVS fell 6% in 24 hours, dropping to $5.97.

    Bunni Hit by $2.4M Exploit

    Meanwhile, decentralized exchange Bunni also suffered a $2.4 million exploit. Bunni’s smart contract vulnerabilities were exploited, affecting assets across both Ethereum and UniChain networks.

    All smart contract functions have been paused as a precaution while the team investigates. These two incidents highlight the biggest risks in DeFi: users falling for scams and vulnerabilities in smart contracts.

    Crypto hacks have surged in August, with $163 million stolen across 16 attacks. Cybersecurity experts warn that hackers are shifting focus to exchanges and wealthy individuals, signaling rising threats in the booming market.

    Never Miss a Beat in the Crypto World!

    Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.

    FAQs

    What happened in the Venus Protocol hack?

    A user’s wallet was drained of $27M in vUSDT, vUSDC, and other tokens via a social engineering attack, not a protocol exploit. Venus paused operations as a precaution.

    How did the attacker steal the funds?

    The victim approved a malicious transaction, granting the attacker full access to their tokens. The stolen funds remain trapped in the attacker’s contract.

    Show More

    Related Articles

    Back to top button