
Venus Protocol Trader Loses $30 Million in Major Error, Cyvers Confirms

A dramatic incident on Venus Protocol has resulted in the loss of almost $30 million worth of assets.

While many initially suspected a hack, blockchain security analysts at Cyvers confirmed to BeInCrypto that this was a user-side mistake, not a vulnerability in the protocol itself.

Phishing Scam Costs Venus Protocol User $30 Million, Not a Protocol Hack

PeckShield first flagged the suspicious activity, noting that a Venus Protocol user had been drained of roughly $27 million after falling victim to a phishing scam.

The attacker gained access by tricking the victim into approving a malicious transaction, which gave unlimited permissions to transfer assets from the wallet.

The stolen tokens included around $19.8 million in vUSDT, $7.15 million in vUSDC, $146,000 in vXRP, $22,000 in vETH, and even 285 BTCB, representing what observers described as “generational wealth.”

DeFi analyst Ignas also weighed in, noting that Venus itself “worked as intended” and that the incident stemmed from the attacker exploiting pre-approved authorizations from the compromised wallet.

“One dangerous approval and boom—you’re done. That’s the dark side of DeFi: open approvals are highly effective, but also lethal if you’re not cautious,” wrote analyst Crypto Jargon.

The sentiment was echoed across the community as warnings resurfaced. Best practices include regularly revoking approvals, avoiding unverified links, and using hardware wallets instead of relying solely on hot wallets.

Cyvers confirmed this in a statement to BeInCrypto:

“Yes, user side error not at protocol level,” Cyvers stated.

The stolen funds remain unswapped, held in the attacker’s contract address.

“This incident shows that even experienced DeFi users remain vulnerable to sophisticated phishing schemes. By tricking the victim into granting token approvals, the attacker was able to drain $27 million from a Venus Protocol in a single transaction,” said Hakan Unal, Senior Security Operation Lead at Cyvers.
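
The advice above to regularly revoke approvals can be checked mechanically. The following is an added example, not code from the article or from the firms it quotes: it replays ERC-20 style `Approval` event logs for one wallet and lists the allowances that are still open, assuming the tokens emit the standard `Approval(owner, spender, value)` event. All addresses, log entries and the `trusted_spenders` allowlist are constructed for illustration.

```python
# Added example: replay ERC-20 Approval logs to list allowances a wallet still has open.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: amounts this large are treated as unlimited

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; the last 20 bytes are the address."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner, trusted_spenders=()):
    """Return owner's non-zero allowances, untrusted spenders and unlimited grants first."""
    owner = owner.lower()
    trusted = {s.lower() for s in trusted_spenders}
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 reuses the signature with 4 topics.
        is_erc20_approval = len(topics) == 3 and topics[0].lower() == APPROVAL_TOPIC
        if not is_erc20_approval or topic_to_address(topics[1]) != owner:
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)  # a later log overwrites an earlier one
    findings = [
        {"token": token, "spender": spender, "amount": amount,
         "unlimited": amount >= UNLIMITED_FLOOR, "trusted": spender in trusted}
        for (token, spender), amount in latest.items()
        if amount != 0  # approve(spender, 0) is a revocation
    ]
    return sorted(findings, key=lambda f: (f["trusted"], not f["unlimited"]))

def make_log(block, index, token, owner, spender, amount, nft_style=False):
    """Build one constructed log entry (eth_getLogs-like, numbers already parsed)."""
    topics = [APPROVAL_TOPIC] + ["0x" + "0" * 24 + a[2:] for a in (owner, spender)]
    topics += ["0x" + "0" * 64] if nft_style else []
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": topics, "data": "0x" + format(amount, "064x")}

# Constructed addresses and logs for illustration; none come from the incident.
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "dd" * 20
TOKEN_1, TOKEN_2 = "0x" + "11" * 20, "0x" + "22" * 20
KNOWN_SPENDER, UNKNOWN_SPENDER = "0x" + "bb" * 20, "0x" + "cc" * 20
SAMPLE_LOGS = [
    make_log(130, 1, TOKEN_2, OWNER, UNKNOWN_SPENDER, MAX_UINT256),  # unlimited, open
    make_log(100, 0, TOKEN_1, OWNER, KNOWN_SPENDER, 500 * 10**18),
    make_log(120, 3, TOKEN_1, OWNER, KNOWN_SPENDER, 0),              # revoked later
    make_log(110, 2, TOKEN_2, OWNER, KNOWN_SPENDER, 1000 * 10**18),  # finite, open
    make_log(125, 0, TOKEN_2, OTHER, UNKNOWN_SPENDER, MAX_UINT256),  # other wallet
    make_log(126, 0, TOKEN_1, OWNER, UNKNOWN_SPENDER, 7, nft_style=True),  # skipped
]
```

Calling `open_allowances(SAMPLE_LOGS, OWNER, [KNOWN_SPENDER])` lists the unlimited grant to the unrecognised spender first. Logs record only the last approved value, so confirm the remaining amount with the token's `allowance(owner, spender)` call before revoking.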

Bunni DEX Exploit Drains $8.4 Million

In a separate incident, Bunni, a decentralized exchange (DEX) built on Uniswap v4, suffered an exploit that drained over $8.4 million across Ethereum and UniChain.

Unlike the Venus case, this was a genuine vulnerability at the protocol level.

Bunni announced that it had paused all smart contract functions across networks as its team investigates:

“The Bunni app has been affected by a security exploit. As a precaution, we have paused all smart contract functions on all networks,” the community confirmed.

According to GoPlus Security, the exploit stemmed from weaknesses in Bunni’s custom Liquidity Distribution Function (LDF).

Victor Tran, a blockchain developer, explained how the attacker manipulated the curve with carefully sized trades.

By repeatedly triggering miscalculations during liquidity rebalancing, the exploiter was able to withdraw more tokens than they should have, draining pools before finalizing the attack with two swap steps.

Tran emphasized that while Bunni’s hook was compromised, Uniswap v4 itself remained unaffected.

The twin incidents highlight the delicate balance between innovation and security in decentralized finance (DeFi).

Venus Protocol’s loss highlights the human factor, where a single click can erase fortunes. Meanwhile, Bunni’s exploit shows how precision flaws in novel mechanisms can expose liquidity.

In a market where billions are at stake, one mistake, whether human or technical, can prove devastating.

Therefore, as the DeFi sector expands, user education and protocol rigor will remain crucial.

The post Venus Protocol Trader Loses $30 Million in Major Error, Cyvers Confirms appeared first on BeInCrypto.
