- A Venus Protocol user suffered massive losses after approving a malicious transaction.
- The attacker emptied vUSDT, BTCB, vETH, vXRP and vUSDC in seconds.
- The protocol’s native token plunged sharply after the news broke.
Although the crypto markets showed stability on Tuesday, XVS turned red on the daily chart after reports surfaced that a Venus Protocol user fell victim to an advanced phishing scam, losing roughly $27 million in digital assets.
The speed and mechanics of the incident drew particular attention.
This was not a vulnerability in the Venus Protocol itself. The attacker gained full access to the victim’s funds after a simple mistake.
On-chain security firm PeckShield reported:
The victim approved a malicious transaction, granting token approval to the attacker’s address (0x7fd8…202a) to transfer assets.
#PeckShieldAlert A user of @VenusProtocol has been drained ~$27M in crypto after falling for a #phishing scam.
The victim approved a malicious transaction, granting token approval to the attacker’s address (0x7fd8…202a) for asset transfer. pic.twitter.com/NwkVlDxxOZ— PeckShieldAlert (@PeckShieldAlert) September 2, 2025
The attacker’s burn wallet emptied the funds immediately after the victim granted access.
It took only seconds to lose assets that had likely accumulated over years.
Incidents like this underscore the harsh reality of DeFi, where a single mistake can result in catastrophic losses.
Breakdown of the stolen assets shows the scope of the attack:
- $19.8 million in vUSDT
- $7.15 million in vUSDC
- $146,000 in vXRP
- $22,000 in vETH
The victim lost what many would consider generational wealth, especially within the crypto industry.
Most importantly, the hack did not stem from a flaw in the Venus Protocol.
The attacker exploited user deception and social engineering to execute the scam.
Venus Protocol remains secure
One of the main questions the community asked was whether the attacker breached the Venus Protocol itself.
No. The lending and borrowing protocol on the BNB Chain remained secure and fully operational.
The $27 million loss was not caused by a coding bug, systemic exploit, or smart contract vulnerability.
Instead, it is part of a growing trend of social engineering attacks where scammers trick users into granting token approvals.
In June, a New York-based scammer used social engineering to steal more than $4 million from a Coinbase user. In another high-profile case, an individual lost over $240 million last August after a similar sequence of events.
The weak link in these incidents is not the protocol, but the wallet holder who approved the malicious transaction.
Consequently, Venus Protocol continued operating after one of its users suffered devastating losses.
That outcome only amplifies the victim’s frustration.
Risks tied to DeFi freedom
Decentralized finance flourished on permissionless technology, but that freedom comes with significant dangers.
Token approvals streamline interactions between digital assets and decentralized applications (dApps).
However, granting unlimited approvals to wallets diminishes user control and can become fatal if the wallet is controlled by a scammer.
The Venus Protocol victim experienced this firsthand: a single approval turned into a complete disaster.
Unlike centralized services, DeFi offers no refunds or customer support helplines.
Mistakes are final in this space, and $27 million is likely irretrievable.
XVS price outlook
Venus Protocol’s native token fell as the phishing incident unfolded.
XVS lost more than 6% on the daily chart after a sharp decline.
Trading price stood around $5.99 amid heavy selling pressure.
A 400% jump in 24-hour trading volume signals heightened activity, possibly from holders exiting positions to limit further losses.
Bears control XVS price action, suggesting additional declines before the altcoin stabilizes.