Venus is a money market on BNB Chain with a total value locked of more than 1.4 billion US dollars. Its governance token, XVS, fell by more than 9% within 24 hours after the protocol was exploited, leaving it with 2.15 million US dollars in bad debt.
The decline came amid a broad sell-off in risk assets, causing the broader CoinDesk 20 (CD20) index to lose 4.6% in value over the same period.
The breach occurred on March 16 and did not appear to affect the XVS price until analysis showed major holders, including wallets linked to Justin Sun, moving large amounts of funds to exchanges.
Venus said the breach left about $2.15 million in bad debt, or loans that the system can no longer collect, in its Thena (THE) market.
According to the protocol, the attackers spent approximately nine months amassing a large position in Thena tokens. According to PeckShield, the accumulation was funded by 7,400 ETH withdrawn from the mixing protocol Tornado Cash.
Subsequently, the attacker donated more than 36 million THE directly to the vTHE contract, bypassing the normal cap check and increasing the market's exchange rate by approximately 3.8 times. Venus said that code vulnerabilities that allowed attackers to skip these checks are being fixed.
According to Venus, due to the higher paper value, attackers used THE as collateral, borrowed other assets and purchased more THE in the thin market.
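The donation step described above can be modelled from the defender's side. The following is an added example, not code from Venus or from the original article: it assumes a simplified Compound-style market in which the exchange rate is cash divided by vToken supply (borrows and reserves omitted), and it uses a constructed pre-incident supply and cap. It compares balance-based accounting with internally tracked cash, one common mitigation that is not necessarily the fix Venus is shipping, and exposes the untracked balance as a monitoring signal.

```python
from dataclasses import dataclass

@dataclass
class Market:
    """Simplified Compound-style market (assumed model, not Venus code)."""
    supply_cap: float            # max underlying accepted through mint()
    track_cash_internally: bool  # hardened mode: ignore untracked transfers
    token_balance: float = 0.0   # what the underlying token's balanceOf() reports
    internal_cash: float = 0.0   # cash recorded by mint() only
    v_supply: float = 0.0        # vTokens in circulation

    def cash(self) -> float:
        return self.internal_cash if self.track_cash_internally else self.token_balance

    def exchange_rate(self) -> float:
        return self.cash() / self.v_supply if self.v_supply else 1.0

    def mint(self, amount: float) -> None:
        # The supply cap is enforced only on this path.
        if self.cash() + amount > self.supply_cap:
            raise ValueError("supply cap exceeded")
        minted = amount / self.exchange_rate()
        self.token_balance += amount
        self.internal_cash += amount
        self.v_supply += minted

    def direct_transfer(self, amount: float) -> None:
        # A plain token transfer to the contract never calls mint(),
        # so the cap check above is never reached.
        self.token_balance += amount

    def untracked_balance(self) -> float:
        # Monitoring signal: tokens held but never accounted for by mint().
        return self.token_balance - self.internal_cash

def rate_jump(track_cash_internally: bool) -> tuple[float, float]:
    """Return (exchange-rate multiple, untracked balance) after the transfer."""
    m = Market(supply_cap=14_000_000, track_cash_internally=track_cash_internally)
    m.mint(12_900_000)             # constructed pre-incident supply
    before = m.exchange_rate()
    m.direct_transfer(36_000_000)  # donation size reported in the article
    return m.exchange_rate() / before, m.untracked_balance()

if __name__ == "__main__":
    print("balance-based :", rate_jump(False))
    print("tracked cash  :", rate_jump(True))
```

In both modes the untracked balance equals the full transfer, so an alert on a non-zero difference between the token balance and recorded cash fires before any borrowing against the inflated collateral.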
The buying helped THE rise from about $0.26 to nearly $0.56. Venus stated that this was not a flash loan attack, that its oracles had been working, and that Venus Flux was not affected.
When the attacker later sold THE, the price fell by more than 17% in less than a day, and liquidations ensued. The analysis showed that the pre-liquidation value was approximately $3.7 million to $5.8 million, with assets including tokenized Bitcoin, BNB, and stablecoins.
The damage was mostly limited to the THE token and, to a lesser extent, CAKE. Venus also stated that no user funds were lost outside of the affected pools.
In response to the incident, the protocol paused THE borrowing and withdrawals, cut THE's collateral value to zero, and tightened rules on other markets deemed risky. Markets at risk include AAVE, among others.
The attacker's address had been flagged by the community before the incident. Venus said that “no rule violations and no exploitative behavior occurred.”
“Venus is a decentralized protocol. As a permissionless protocol, we cannot and should not freeze or blacklist addresses simply based on suspicion,” the protocol wrote on social media. “This is a tension inherent in DeFi and we take it seriously.”
Governance is expected to decide how to recoup losses through the Venus Venture Fund.