Venus Exploit on BNB Chain: $2.15 Million in Losses and XVS Crash

In recent hours, the exploit of Venus has highlighted the vulnerabilities of DeFi markets on BNB Chain, with repercussions on the governance token XVS and the broader ecosystem.

Details of the exploit and immediate impact on XVS

The lending protocol Venus was hit by an exploit on March 16, which generated approximately $2.15 million in bad debt and a drop of over 9% in the value of the governance token XVS in the following 24 hours.

The protocol, active on BNB Chain with over $1.4 billion in total value locked, saw selling pressure on the XVS token intensify only after on-chain analysis highlighted significant movements towards exchanges by large holders, including wallets linked to Justin Sun.

Meanwhile, the downturn occurred in a broader context of risk aversion: the CoinDesk 20 index lost about 4.6% in the same timeframe, indicating a general correction in digital assets.

How the Venus exploit occurred in the Thena market

The attack targeted the Thena market within the protocol. According to Venus, the attacker spent about nine months accumulating a significant position in the THE token of Thena, using approximately 7,400 ETH sourced from the mixer Tornado Cash, as reported by the analysis firm PeckShield.

Subsequently, the attacker donated more than 36 million THE tokens directly to the vTHE contract. This operation bypassed normal cap controls and increased the market exchange rate by about 3.8 times, creating an inflated book value.

With this higher theoretical value, the attacker used THE as collateral to borrow other assets from the protocol. Additionally, they continued to buy THE in a market characterized by reduced liquidity, amplifying the price effect.

Price movement of THE and profit realization

The acquisitions pushed the price of THE from about $0.26 to nearly $0.56. Venus clarified that this was not a flash loan attack, that the price oracles continued to function correctly, and that the Venus Flux module was not affected.

However, when the attacker began selling THE, the price dropped by over 17% in less than a day, triggering a series of liquidations. Analyses estimate that the value extracted before the liquidations ranged between $3.7 million and $5.8 million, in the form of assets like tokenized bitcoin, BNB, and stablecoins.

Overall, the direct damage was largely concentrated on the THE token and, to a lesser extent, on CAKE. Venus emphasized that there were no user fund losses outside the involved pools.

Venus protocol response and mitigation measures

In response to the incident, the protocol suspended new loans and withdrawals related to THE, reset the collateral value attributed to the token, and tightened risk parameters on other markets considered potentially vulnerable.

The markets flagged as at risk include those for BCH, LTC, AAVE, and other assets. Additionally, Venus stated that the code flaw that allowed bypassing cap controls in the vTHE contract is being corrected to prevent similar use in the future.

That said, the protocol explained that the attacker’s address had already been flagged by the community before the incident. However, Venus had not intervened, as there were no rule violations or actual exploits at the time of the report.

Decentralization, governance, and loss coverage

The incident has reignited the debate on the permissionless nature of DeFi protocols. Venus reminded that, as a decentralized protocol, it cannot and should not freeze or blacklist addresses solely based on suspicion, highlighting the structural tension between security and openness.

The platform’s governance will now have to decide how to cover the bad debt of approximately $2.15 million, considering the use of the protocol’s risk fund. This phase will be crucial to measure the resilience of the risk management model and the ability to absorb extreme events.

Moreover, the episode represents a new case study for DeFi operators, who will have to deal with the dynamics of slow position accumulation, manipulation of internal rates, and exploitation of gaps in the security controls of collateralized markets.