Venus Protocol, a BNB Chain-based decentralized lender, has seen one of its top traders lose $13.5 million to a phishing exploit. Although the attack did not directly affect the Venus protocol, the project’s team temporarily halted its activities.
Trader Fails Victim to Phishing Scam
The blockchain security firm PeckShield was the first to disclose the exploit. Initially, PeckShield reported that the Venus user had lost approximately $27 million. However, the security firm later corrected the figure to $13.5 million, explaining that the initial estimate did not account for the user’s outstanding debt position.
#PeckShieldAlert Correction
The loss for the phished @VenusProtocol user is ~$13.5M.
Initial estimates were higher as we did not exclude the debt position. https://t.co/k6JDDLOrP1 pic.twitter.com/3Wx8ufpvic— PeckShieldAlert (@PeckShieldAlert) September 2, 2025
The victim fell prey to the phishing scam by approving a transaction from a malicious Core Pool Comptroller contract. This granted the attacker access to their funds. Once permission was given, the hacker quickly drained stablecoins and wrapped tokens from the trader’s wallet.
Phishing scams like this are increasingly common in DeFi. They trick users into signing what appear to be harmless transactions. However, in reality, these approvals hand over full control of digital assets to criminals. In past reports, traders have lost millions of dollars to phishing exploits.
There are also occurrences of contract exploits to steal funds. An example is Arcadia Finance, a DeFi platform, which was hit by a $2.5 million hack after attackers exploited a weakness in its contract. This allowed the malicious actor to pull funds from user vaults without approval.
Venus Protocol Responds
Responding to the exploit, Venus Protocol confirmed that its own smart contracts remained secure and were not breached. They pointed to user error on the part of the trader, stressing that the issue was not caused by any technical flaw in the protocol itself. The team added that no other users were affected and promised to keep everyone updated as the review continued.
Despite claiming to be unaffected, Venus temporarily paused operations as it investigates the matter. While this raised the eyebrows of onlookers, it helped to trap the funds in the attacker’s wallet. As of this writing, the stolen funds remain in their custody.
Meanwhile, Venus protocol’s native token, XVS, saw a mild 3.3% price decline. At the time of writing, the asset sold for $6.1.
Get Trending Crypto News as It Happens. Follow CoinTab News on X (Twitter) Now
Ephraim Emmanuel | March 10, 2026
Chris Lion | March 9, 2026
