Reduced to a hacker's ATM yet standing tall, the theft of Venus reflects the awkwardness of DeFi

By: rootdata|2026/03/16 19:45:00
0
Share
copy

Author: Gu Yu, ChainCatcher

Hackers are the deadly enemies of any DeFi protocol. The vast majority of DeFi protocols falter and decline after facing attacks resulting in losses of millions of dollars. However, as the flagship lending protocol of BNB Chain and an incubated project by Binance, Venus Protocol is clearly a rare exception.

Venus was developed by the Swipe team, which was acquired by Binance, and was launched in the month following the mainnet launch of BNB Chain in 2020. It quickly became the largest lending protocol on BNB Chain in terms of locked assets and user scale. According to RootData, the current FDV of Venus tokens is $94 million, and the TVL is $1.47 billion.

Recently, Venus became a target of a hacker attack once again. According to the official team's review, the attacker began accumulating THE tokens through normal deposit processes starting in June 2025, ultimately holding about 12.2 million THE, valued at $2.4 million.

On March 15, the attacker directly deposited all THE tokens as collateral into the lending contract, leveraging the extremely low on-chain liquidity of THE combined with TWAP oracle delays to conduct recursive price manipulation, borrowing millions of dollars worth of BTC, BNB, CAKE, and other assets.

As the price of THE collapsed, triggering a chain of liquidations, this incident ultimately resulted in approximately $2.15 million in bad debt for Venus. Looking back at the history of the past few years, Venus has faced hacker attacks almost every year, particularly oracle attacks, leading to a cumulative bad debt of over $100 million.

XVS Oracle Price Manipulation Incident

In May 2021, an attacker exploited the relative lack of liquidity of XVS tokens on centralized exchanges (mainly Binance) to rapidly push the price of XVS from around $70 to over $140 in a short period. The attacker then used the XVS they held as collateral to borrow a large amount of high-quality assets (about 2,000 BTC and 5,700 ETH) from the Venus protocol.

Subsequently, the price of XVS plummeted, dropping to a low of $31, triggering large-scale liquidations. Due to the market liquidity being unable to support such a massive liquidation sell-off, Venus protocol incurred over $95 million in bad debt.

After this incident, the protocol announced that the Swipe team would withdraw from management, and a new council composed of community members would take over the subsequent governance of the protocol, but it still retained a strong Binance background.

LUNA Crash Incident

In May 2022, during the LUNA crash incident of that month, the real price of LUNA rapidly fell below $0.1 in a short time. However, due to the Chainlink oracle stopping updates after the price fell to a specific threshold ($0.10), the Venus protocol continued to accept LUNA collateral at the erroneous "high price" of $0.1.

After discovering this vulnerability, the attacker bought a large amount of LUNA at a low price from the secondary market and deposited it into Venus, using the inflated value as collateral to borrow other assets, resulting in over $11.2 million in bad debt for the protocol.

Binance Oracle Incident

In December 2023, due to Venus using Binance Oracle's price feed data in the isolated lending pool of the low liquidity asset snBNB, the attacker bought snBNB in that very small pool on PancakeSwap. Due to the extremely thin depth, the price of snBNB was instantly driven up to an absurd level.

The attacker then deposited 0.49 snBNB and borrowed almost all available assets in the pool (including WBNB, BNBx, ankrBNB, etc.), totaling approximately $274,000, which was later washed out through a cross-chain bridge. Ultimately, Venus governance proposed to use treasury funds to fully cover this bad debt.

wUSDM Oracle Price Manipulation Incident

In February 2024, an attacker exploited a vulnerability in the ERC-4626 protocol, artificially causing the price of the wUSDM stablecoin issued by Mountain Protocol to spike to $1.7 in a short time. The attacker then deposited a small amount of wUSDM into the Venus protocol.

Due to the oracle reading the manipulated "false high price," the attacker used these inflated-value wUSDM collateral to borrow other higher-value assets in the pool (such as USDC, ETH, etc.). As the price of wUSDM returned to the normal $1, the attacker had already transferred the borrowed assets and did not return them, resulting in approximately $716,000 in bad debt for Venus after the transaction was liquidated.

Community Governance Controversy

In addition to the above attack incidents, Venus also faced external scrutiny due to a governance incident in September 2021. At that time, a Venus community user proposed a proposal titled "Forming the Bravo Team," intending to grant a team with the same voting and fundraising capabilities as the original governance team.

However, the initiator allegedly induced votes by promising to distribute tokens. According to the proposal description, out of the proposed financing of 1.9 million XVS tokens, the Bravo team would distribute 900,000 XVS ($29 million) to addresses that voted in favor. Ultimately, on September 14 at 10:33 PM, the proposal passed with 1.29 million votes in favor and 1.19 million votes against.

According to industry principles, on-chain governance proposals should be executed by the team once voted through. However, the Venus team "canceled" the resolution with one click, stating that it aimed to prevent anonymous individuals from controlling the protocol through bribery. This is one of the rare cases in the DeFi industry where an on-chain governance proposal or vote was passed but not implemented.

Additionally, in September 2025, there was a security incident in the Venus protocol that resulted in user losses exceeding $13 million, but this was mainly due to the user's computer interface being tampered with by hackers, leading them to sign a "delegate" transaction, rather than a vulnerability in Venus itself.

Why Venus Became a "Survivor"

In light of these attack incidents, Venus can be regarded as a rare "survivor" in the crypto space, and it may have become the "most experienced" project in dealing with hacker attacks. This is largely due to Binance's continuous support in terms of resources and brand for Venus as a crypto giant. Even after so many security incidents, Binance still directly guides exchange users to deposit into Venus through financial functions to obtain higher yields.

Venus on-chain TVL statistics Source: DeFillama

It is well known that Binance holds absolute authority in the BNB Chain ecosystem. As the main support object for Binance in the lending field, Venus always enjoys ecological tilt and risk coverage capabilities that most other DeFi projects do not have, even if there may be a series of security risks.

From an industry perspective, the vulnerabilities of DeFi are also highlighted in these cases. Whether it is oracle delays, low liquidity assets, price manipulation, or governance mechanism vulnerabilities, these issues have repeatedly appeared in the history of Venus and many other DeFi projects.

In highly automated DeFi systems, as long as there is a design flaw in any one link, attackers can often exploit price, liquidity, or time differences to construct complex arbitrage attacks.

Venus's ability to survive multiple crises largely relies on strong ecological support and financial compensation capabilities. However, for the vast majority of DeFi projects, an attack of tens of millions of dollars is often enough to lead the entire protocol to its end.

Venus's "exception" not only confirms the protective ability of leading ecosystems for projects but also highlights the general fragility of the DeFi security system—when security can only rely on "giant backing" rather than the protocol's own risk control and mechanism guarantees, the true security of DeFi still has a long way to go.

You may also like

Former ByteDance employee's account: How I started with two Pinduoduo hard drives and made six times the profit with Seagate to achieve financial freedom?

A programmer from a big tech company bought hard drives on Pinduoduo and, following clues, managed to accurately capture the sixfold rising stock Seagate using the "finding daily anomalies + 13F institutional verification" framework, making a wild profit of $400,000 and achieving financial freedom.

MiCA reshuffle begins, Binance temporarily bids farewell to the EU

What Binance leaves behind is not scattered retail investors, but a whole batch of high-value users who are forced to liquidate and have almost nowhere to go.

How does Gate redo "buying and selling stocks" from the cryptocurrency world to the stock market?

The competition logic of exchanges has changed.

Visa and Mastercard join 140 giants to launch a new stablecoin, but the impact on the market landscape may still be limited

As an important milestone event in the stablecoin landscape, OUSD is likely to change the existing stablecoin landscape and significantly increase the adoption rate of stablecoins in the global financial system.

Circle CEO responds to OUSD's challenge: Stablecoins are a winner-takes-all business, and we will not slow down

OUSD was jointly launched by more than 140 giants, causing Circle's stock price to plummet in a single day. Circle's CEO personally wrote a response, clarifying USDC's moat from three aspects: network effects, liquidity, and regulation, and dismantling OUSD's three selling points of "free redemption...

Argentina vs Cape Verde: When a Record-Breaking Legend Meets an Unbreakable Underdog

WEEX exclusive pre-match analysis of Argentina vs Cape Verde, exploring Messi-led Argentina’s dominance and Cape Verde’s historic defensive breakout, with a breakdown of volatility, structure, and match dynamics.

Popular coins

Latest Crypto News

Read more
iconiconiconiconiconiconicon
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:[email protected]
VIP Program:[email protected]