BNB Holder May Have Lost $27M in Phishing Scam; Venus Protocol Not Compromised

• Binance Smart Chain phishing drain: ~ $27M lost after wallet approval of a malicious transaction.

• Venus Protocol confirms its smart contracts were not compromised; the issue is a user wallet compromise.

• Security firms PeckShield, Cyvers and ZeroShadow are investigating and assisting recovery efforts.

Binance Smart Chain phishing: $27M drained from a user wallet; Venus Protocol safe—follow recovery updates on COINOTAG.

What happened in the Binance Smart Chain phishing drain?

Binance Smart Chain phishing led to a single user wallet being drained of about $27 million in wrapped tokens after the wallet owner approved a malicious transaction. Security firms PeckShield and Cyvers confirm this was a phishing attack; Venus Protocol states its contracts remain secure and other users are unaffected.

How did the phishing scam work?

Phishing scams trick users into approving malicious transactions by mimicking trusted sites or dApps. The attacker presented a website or interface with a nearly identical domain. The victim granted token approval to the attacker’s address, which allowed the attacker to transfer wrapped USDT/USDC tokens out of the wallet.

Who is assisting with investigation and recovery?

PeckShield and Cyvers are publicly involved in the investigation. Venus Protocol teams and community delegate Danny Cooper report collaboration with Binance Security, HexaGate, ChaosLabs, and ZeroShadow to attempt fund recovery. Recovery is ongoing and not guaranteed at this stage.

Why was Venus Protocol initially mistaken as hacked?

Early on, funds were observed in Venus wrapper tokens for USDT and USDC, which led observers to suspect a protocol exploit. Venus Protocol and security teams quickly clarified that the protocol was not exploited. The wrapped tokens and approvals were linked to a compromised user wallet, not to a vulnerability in the protocol’s smart contracts.

What evidence points to the attackers’ origin?

Initial analysis by ZeroShadow noted an “attack fingerprint” suggesting a link to actors based in the Democratic People’s Republic of Korea. Historical context: Lazarus Group, associated with North Korea, has been linked to major crypto heists according to public filings and law enforcement reporting.

How to respond if your wallet is phished

1. Revoke approvals immediately: Use trusted on-chain approval revocation tools to rescind token approvals.
2. Move safe assets: Transfer unaffected assets to a new wallet with new seed phrases after ensuring device security.
3. Contact security partners: Report incidents to security firms and projects involved for tracing and possible recovery assistance.
4. Preserve logs and TX IDs: Keep transaction hashes, addresses involved, and any phishing domain details for investigators.

Frequently Asked Questions

Is my Venus Protocol balance at risk after this incident?

No. Venus Protocol states that its smart contract infrastructure remains secure. Only the compromised user’s wallet was affected; other users’ funds are not known to be at risk.

How do phishing approvals allow attackers to drain wallets?

When a user approves a token allowance to a malicious address, the attacker gains the on-chain permission to transfer the approved tokens out of that wallet, enabling immediate asset extraction.

Key Takeaways

• Incident scope: A single Binance Smart Chain wallet lost ~ $27M after a phishing approval.
• Protocol safety: Venus Protocol confirms its contracts were not exploited; user funds on the protocol are not broadly compromised.
• Response: PeckShield, Cyvers, ZeroShadow and multiple security partners are working with the victim to investigate and attempt recovery.

Conclusion

The Binance Smart Chain phishing incident that drained roughly $27 million underscores persistent risks from social-engineering attacks. Binance Smart Chain phishing incidents exploit user trust rather than protocol flaws. Users should revoke suspicious approvals, secure devices, and follow guidance from security partners. Stay updated through COINOTAG for recovery developments and recommended safety practices.

Published by COINOTAG • Updated: 2025-09-02