- A Venus Network user suffered massive losses after approving a malicious transaction.
- The attacker took only a few seconds to drain vUSDT, BTCB, vETH, vXRP and vUSDC.
- The native token plunged sharply after the news.
While the broader crypto market showed stability on Tuesday, XVS painted its daily chart red after it emerged that a Venus Protocol user fell victim to a sophisticated phishing scam, losing roughly $27 million in digital assets.
What drew particular attention was how the incident unfolded.
This was not caused by a vulnerability in the Venus Protocol. The attacker gained full access to the victim’s assets after a single, simple mistake.
According to on-chain investigator PeckShield:
The victim approved a malicious transaction, granting token approval to the attacker’s address (0x7fd8…202a) to transfer assets.
#PeckShieldAlert A user of @VenusProtocol has been drained ~$27M in crypto after falling for a #phishing scam.
The victim approved a malicious transaction, granting token approval to the attacker’s address (0x7fd8…202a) for asset transfer.— PeckShieldAlert (@PeckShieldAlert) September 2, 2025
The attacker’s burner wallet emptied the victim’s holdings almost immediately after approval.
It took only seconds to erase what was likely years of accumulated wealth.
Incidents like this highlight the brutal reality of DeFi, where a single mistake can lead to catastrophic losses.
Breakdown of the losses shows the attack’s severity:
- $19.8 million in vUSDT
- $7.15 million in vUSDC
- $146,000 in vXRP
- $22,000 in vETH
- $285 in Bitcoin on BNB Chain (BTCB)
The victim lost what many would consider generational wealth, particularly within the crypto industry.
Worse still, the theft was not caused by a flaw in Venus’s codebase.
The attacker relied on deception and the victim’s trust to execute the scam.
Venus Protocol remains secure
One key question for the community was whether the attacker had exploited the Venus Protocol itself.
No. The BNB Chain-based lending and borrowing protocol remained secure and fully operational.
The $27 million loss did not stem from a coding flaw, systemic exploit, or smart contract bug.
Instead, it fits a growing trend of social-engineering fraud, where attackers trick users into approving token permissions.
In June, a New York-based scammer used social engineering to steal more than $4 million from a Coinbase user. In another notable incident last August, a victim lost over $240 million in a similar scam.
The weak link is not the protocol but the individual who controls the wallet.
As a result, Venus continued operating normally after one of its users suffered a devastating loss.
That reality only compounds the victim’s frustration.
Risks of DeFi’s permissionless freedom
Decentralized finance has thrived on permissionless technology.
But that freedom carries significant risks.
Token approvals enable smooth interactions between digital assets and decentralized applications (dApps).
Granting unlimited approvals, however, removes control from the user.
Those permissions become dangerous if a malicious actor controls the counterparty.
That is exactly what happened to the Venus Protocol user — a single approval turned into a complete disaster.
Moreover, DeFi has no refund button or customer support hotline.
Errors are often final in this space, and the $27 million is likely gone for good.
XVS price outlook
Venus Protocol’s native token turned bearish amid the fallout from the scam.
XVS dropped more than 6% on the daily chart following the sharp sell-off.
The token traded around $5.99 amid heavy selling pressure.
A 400% increase in 24-hour trading volume signals heightened activity, likely from holders exiting positions to avoid further losses.
Bears currently dominate XVS price charts, suggesting additional downside before the altcoin can stabilize.