Venus Protocol Suspends Operations Amid Phishing Attack

Venus Protocol, a well-known lending platform on the BNB Chain, has temporarily stopped its operations. According to a post on X, the suspension happened after a phishing attack resulted in nearly $27 million being stolen from one user’s wallet. 

Venus Protocol User Lost $27 Million

The issue came to light when a blockchain security firm, Cyvers, noticed a suspicious transaction. The attack exploited user wallet permissions, enabling the hacker to steal funds without compromising the protocol itself.

As reported, the stolen assets include, $19.8 million in vUSDT, $146,000 in vXRP, $22,000 in vETH, $7.15 million in vUSDC, and 285 Binance-pegged Bitcoin (BTCB). Notably, the stolen funds remain unswapped and in the attacker’s smart contract wallet.

In response, Venus Protocol paused all activities to stop any further unauthorized access or movement of assets. The team reassured users that it is investigating the attack and is doing everything possible to ensure the platform is protected. Additionally, the team affirmed that the main protocol is completely secure, and no issues were found in the smart contract system itself.

Security experts say this was not a problem with the system, but a phishing attack. A user was tricked into approving the bad actor’s access to its tokens. Importantly, users should check their wallet permissions and revoke any that aren’t needed. Following best practices can help protect their funds.

Phishing Scam is Still a Major Threat

While cryptocurrency-related scams saw a significant decline in March, phishing attacks remain a serious concern. On March 21, Australian federal police warned 130 individuals about sophisticated scams impersonating major cryptocurrency exchanges through SMS messages.

These fraudulent messages spoofed legitimate “sender IDs,” tricking users into believing they were receiving official communication. In the third quarter of 2024, phishing scams caused even more significant losses. Reports affirmed that $127 million was stolen in September, affecting over 11,000 users.

One person lost $32 million by signing a fake “permit” message, which gave the scammer complete control of the wallet. In March 2025, more than $46 million was stolen from Coinbase users through similar phishing attacks.

Other Malicious Techniques to Watch Out For

Another scam used by attackers is known as address poisoning. This technique involves sending a small number of tokens from a wallet address closely resembling the victim’s address. The goal is to plant this lookalike address in the transaction history.

Later, the victim copies a similar address, mistaking it for a trusted one during future transfers. This leads to funds being sent directly to the attacker. It is worth noting that scammers rely heavily on social media platforms like Telegram, X, and Discord.

Bad actors often post fake links that look trustworthy to trick users. These links can lead to actions that compromise wallets or expose sensitive information. Users must be careful and double-check wallet addresses before making transfers.