Author: Gu Yu, ChainCatcher
Hackers are the mortal enemies of any DeFi protocol, as most DeFi protocols tend to collapse after facing attack losses in the millions of dollars. However, as the leading lending protocol on BNB Chain and an incubated project from Binance, Venus Protocol is clearly a rare exception.
Venus was developed by the Swipe team, which was acquired by Binance, and was launched shortly after the BNB Chain mainnet went live in 2020. It quickly became the largest lending protocol in terms of locked assets and user scale on BNB Chain. According to RootData, the current FDV of Venus tokens is 94 million dollars, and the TVL is 1.47 billion dollars.
Recently, Venus has once again become a target for hackers. According to a review by the official team, the attacker had been slowly accumulating THE tokens through normal deposit processes since June 2025, eventually holding approximately 12.2 million THE, worth 2.4 million dollars.
On March 15, the attacker directly deposited all THE tokens as collateral into the borrowing contract, using the extremely low on-chain liquidity of THE combined with TWAP oracle delays to manipulate prices in a recursive cycle and borrowed assets worth several million dollars, such as BTC, BNB, and CAKE.
As the price of THE collapsed, it triggered a series of liquidations, ultimately resulting in approximately 2.15 million dollars in bad debts for Venus. Looking back at the history of the past few years, Venus has been attacked by hackers almost every year, particularly through oracle attacks, leading to total bad debts exceeding 100 million dollars.
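The gap between an oracle-based borrow limit and what liquidators can actually recover from a thin market can be checked before collateral is accepted. The sketch below is an added example, not code from Venus or from the original article; the position size and value are the figures quoted above, while the constant-product pool model, the pool reserves, the swap fee and the 0.5 collateral factor are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pool:
    """Constant-product (x * y = k) pool of a collateral token against USD."""
    token_reserve: float
    usd_reserve: float
    fee: float = 0.0025  # assumed swap fee

    def sell_proceeds(self, amount: float) -> float:
        """USD a liquidator receives for selling `amount` tokens in one trade."""
        amount_in = amount * (1 - self.fee)
        return self.usd_reserve * amount_in / (self.token_reserve + amount_in)

def exit_liquidity_check(pool, amount, oracle_price, collateral_factor):
    """Compare the oracle-based borrow limit with what liquidation can recover."""
    oracle_value = amount * oracle_price
    borrow_limit = oracle_value * collateral_factor
    recoverable = pool.sell_proceeds(amount)
    return {
        "oracle_value": oracle_value,
        "borrow_limit": borrow_limit,
        "recoverable": recoverable,
        # Bad debt left behind if the borrower draws the full limit and walks away.
        "shortfall_if_maxed": max(0.0, borrow_limit - recoverable),
        "allow": recoverable >= borrow_limit,
    }

# Position size and dollar value as quoted in the article.
THE_AMOUNT = 12_200_000
THE_PRICE = 2_400_000 / THE_AMOUNT
COLLATERAL_FACTOR = 0.5  # assumed, not a Venus parameter
# Constructed pools, both quoting the same spot price as the oracle.
SHALLOW = Pool(3_000_000, 3_000_000 * THE_PRICE)
DEEP = Pool(500_000_000, 500_000_000 * THE_PRICE)

if __name__ == "__main__":
    for name, pool in (("shallow", SHALLOW), ("deep", DEEP)):
        r = exit_liquidity_check(pool, THE_AMOUNT, THE_PRICE, COLLATERAL_FACTOR)
        print(name, {k: round(v) if isinstance(v, float) else v for k, v in r.items()})
```

Both pools report the same spot price, yet only the deep one can absorb the position; a supply cap tied to exit liquidity rejects the shallow case even when the oracle price is accurate.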
XVS Oracle Price Manipulation Incident
In May 2021, an attacker exploited the weakness of insufficient liquidity of XVS tokens on centralized exchanges (mainly Binance), rapidly driving the price of XVS from approximately 70 dollars to over 140 dollars in a short period of time. The attacker then used their held XVS as collateral to borrow a large quantity of quality assets (approximately 2000 BTC and 5700 ETH) from the Venus protocol.
Subsequently, the price of XVS experienced a cliff-like drop, falling to a low of 31 dollars, triggering large-scale liquidations. Due to market liquidity being unable to support such massive liquidation sell-offs, the Venus protocol suffered bad debts exceeding 95 million dollars.
After the incident, the protocol announced that the Swipe team would withdraw from management, and a new council composed of community members would take over the follow-up governance of the protocol, while still maintaining a strong connection with Binance.
LUNA Crash Incident
In May 2022, during the LUNA crash, the real price of LUNA rapidly fell below 0.1 dollars, but because the Chainlink oracle stopped updating when the price dropped to a specific threshold (0.10 dollars), the Venus protocol continued to accept LUNA collateral at the erroneous “high price” of 0.1 dollars.
After discovering this vulnerability, the attacker bought a large amount of LUNA at a low price from the secondary market and deposited it into Venus, using the inflated value as collateral to borrow other assets, leading to the protocol incurring bad debts exceeding 11.2 million dollars again.
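A consumer-side guard for this failure mode refuses to value collateral when a feed is stale or sitting at the lowest value it is able to report. The following is an added example, not code from Venus, Chainlink or the original article; the 0.10 dollar floor is the threshold quoted above, while the type names, the ceiling, the heartbeat, the 2% margin and the sample rounds are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FeedRound:
    price: float      # USD price reported by the feed
    updated_at: int   # unix time of the last update

@dataclass(frozen=True)
class FeedLimits:
    min_price: float      # lowest value the feed can report
    max_price: float      # highest value the feed can report
    heartbeat: int        # maximum acceptable age in seconds
    margin: float = 0.02  # treat prices within 2% of a bound as pinned

def check_round(r: FeedRound, lim: FeedLimits, now: int):
    """Return (usable, reason) for one oracle reading."""
    if r.price <= 0:
        return False, "non-positive"
    if now - r.updated_at > lim.heartbeat:
        return False, "stale"
    if r.price <= lim.min_price * (1 + lim.margin):
        return False, "at-floor"      # real price may be far below the report
    if r.price >= lim.max_price * (1 - lim.margin):
        return False, "at-ceiling"
    return True, "ok"

def collateral_value(amount: float, r: FeedRound, lim: FeedLimits, now: int):
    """Value collateral at zero whenever the reading cannot be trusted."""
    usable, reason = check_round(r, lim, now)
    return (amount * r.price if usable else 0.0), reason

# Floor from the article; ceiling and heartbeat are constructed.
LUNA_LIMITS = FeedLimits(min_price=0.10, max_price=1000.0, heartbeat=3600)
NOW = 1_700_000_000  # constructed timestamp
SAMPLES = {
    "healthy": FeedRound(5.00, NOW - 60),
    "pinned": FeedRound(0.10, NOW - 60),    # fresh, but at the floor
    "frozen": FeedRound(0.10, NOW - 7200),  # feed stopped updating
}

if __name__ == "__main__":
    for name, rnd in SAMPLES.items():
        print(name, collateral_value(1_000_000, rnd, LUNA_LIMITS, NOW))
```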
Binance Oracle Incident
In December 2023, Venus was using price feed data from Binance Oracle in the isolated lending pool for the low-liquidity asset snBNB. The attacker bought snBNB in that extremely small pool on PancakeSwap, and because the pool was extremely shallow, the price of snBNB was instantly driven up to an absurd level.
The attacker then deposited 0.49 snBNB and borrowed almost all available assets in the pool (including WBNB, BNBx, ankrBNB, etc.), with a total value of approximately 274,000 dollars, and subsequently laundered them through a cross-chain bridge. Ultimately, Venus governance proposed to use Treasury funds to fully cover this bad debt.
wUSDM Oracle Price Manipulation Incident
In February 2024, an attacker exploited a vulnerability in the ERC-4626 protocol, artificially causing the price of the wUSDM stablecoin issued by Mountain Protocol to soar to 1.7 dollars in a short period of time, after which the attacker deposited a small amount of wUSDM into the Venus protocol.
Because the oracle read the manipulated “false high price,” the attacker used this inflated-value wUSDM collateral to borrow other higher-value assets in the pool (such as USDC, ETH, etc.). By the time the price of wUSDM fell back to the normal 1 dollar, the attacker had already transferred the borrowed assets and would not return them, resulting in Venus incurring approximately 716,000 dollars in bad debt after liquidating this transaction.
Community Governance Controversy
Besides the aforementioned attack incidents, Venus also faced external scrutiny in September 2021 due to a governance event. At that time, a Venus community user proposed the formation of a "Bravo team," intending to grant a team by that name voting and fundraising capabilities equivalent to the original governance team.
However, the initiator allegedly induced voting by promising to distribute tokens. According to the proposal description, of the proposed financing of 1.9 million XVS tokens, the Bravo team would allocate 900,000 XVS (29 million dollars) to addresses that voted in favor. Finally, on September 14 at 10:33 PM, the proposal was passed with 1.29 million votes in favor and 1.19 million votes against.
According to industry norms, on-chain governance proposals should be executed by the team once voted through, but the Venus team "one-click canceled" this resolution, claiming it aimed to prevent anonymous individuals from controlling the protocol through bribery. This is one of the very few instances in the DeFi industry where an on-chain governance proposal or vote was approved but not implemented.
Additionally, in September 2025, the Venus protocol experienced a security incident resulting in over 13 million dollars in user losses, but this was mainly due to the user's computer interface being compromised by hackers, inducing them to sign a "delegate" transaction, rather than a fault within Venus itself.
How Venus Became a "Survivor"
Looking through these attack incidents, Venus can be regarded as a rare "survivor" in the crypto space, and perhaps has become the "most experienced" project in dealing with hacker attacks. This is largely attributable to the continuous resource and brand support that Binance, as a crypto giant, gives Venus. Even after so many security incidents, Binance still actively guides users from the exchange to deposit into Venus to obtain higher yields through financial management functions.

[Figure: Venus on-chain TVL statistics. Source: DeFiLlama]
As is well known, Binance holds absolute authority in the BNB Chain ecosystem. As the main entity Binance supports in the lending field, Venus always enjoys preferential ecosystem treatment and a risk coverage ability that most other DeFi projects lack, even in the face of potential security risks.
From an industry perspective, the vulnerabilities of DeFi are also highlighted in these cases. Whether it's oracle delays, low liquidity assets, price manipulations, or governance mechanism loopholes, these issues have repeatedly appeared in the histories of Venus and many other DeFi projects.
In highly automated DeFi systems, as long as a single link has design flaws, an attacker can often exploit price, liquidity, or timing differences to construct complex arbitrage attacks.
Venus’s ability to survive after multiple crises largely relies on strong ecosystem support and fund compensation capabilities. But for the vast majority of DeFi projects, an attack on the scale of millions of dollars is often enough to end an entire protocol.
Venus's "exception" not only confirms the ability of leading ecosystems to protect projects but also highlights the general vulnerability of the DeFi security system - when security can only rely on "giants covering costs" rather than the protocol's own risk control and mechanism guarantees, true security in DeFi still has a long way to go.