Venus's repeated losses to theft reflect the awkward situation of DeFi: the protocol has become a cash cow for hackers, yet it remains standing.


Author: Gu Yu, ChainCatcher

Hackers are the deadly enemy of any DeFi protocol. Most DeFi protocols will collapse and decline after suffering millions of dollars in attack losses. However, Venus Protocol, as BNB Chain's flagship lending protocol and a Binance incubation project, is clearly a rare exception.

Venus was originally developed by the Swipe team, which was acquired by Binance, and was released the month after the BNB Chain mainnet launch in 2020. It quickly became the lending protocol with the largest locked assets and user base on the BNB Chain. According to RootData, Venus's token FDV is currently $94 million, and its TVL is $1.47 billion.

Recently, Venus has once again become the target of a hacker attack. According to the official team's recap, the attackers began slowly accumulating THE tokens through the normal deposit process in June 2025, eventually holding approximately 12.2 million THE, worth $2.4 million.

On March 15, the attacker deposited all of the THE tokens as collateral into the lending contract at once, exploiting THE's extremely low on-chain liquidity and the lag of the TWAP oracle to push the price up in repeated rounds, and borrowed assets such as BTC, BNB, and CAKE worth millions of dollars.

The subsequent collapse of THE's price triggered a chain of liquidations, ultimately leaving Venus with approximately $2.15 million in bad debt. Looking back over the past few years, Venus has been attacked almost every year, most often through oracle attacks, which together have left it with over $100 million in bad debt.

XVS Oracle Price Manipulation Event

In May 2021, an attacker exploited the relative lack of liquidity of the XVS token on centralized exchanges (primarily Binance) to push the price of XVS from around $70 to over $140 in a short period. The attacker then used their XVS holdings as collateral to borrow a large amount of high-quality assets (approximately 2,000 BTC and 5,700 ETH) from the Venus protocol.

Subsequently, the price of XVS plummeted, falling to a low of $31 and triggering massive liquidations. Because market liquidity could not support such a massive sell-off, the Venus protocol incurred over $95 million in bad debt.

Following this incident, the protocol announced that the Swipe team would step down from management and that a new council composed of community members would take over governance of the protocol, though it still has a strong Binance background.

LUNA crash

In May 2022, during the LUNA crash, the real price of LUNA quickly fell below $0.10. However, because the Chainlink oracle stopped updating once the price fell to a certain threshold ($0.10), the Venus protocol continued to accept LUNA collateral at the erroneous "high" price of $0.10.

After discovering the vulnerability, the attackers bought a large amount of LUNA at a low price on the secondary market and deposited it into Venus. They then used this inflated collateral value to borrow other assets, causing the protocol to incur more than $11.2 million in bad debt.


Binance Oracle Incident

In December 2023, Venus used Binance Oracle's price feed data in the isolated lending pool of the low-liquidity asset snBNB. The attacker bought snBNB in the extremely small PancakeSwap pool. Because liquidity there was so thin, the price of snBNB was instantly driven up to an absurd level.

The attacker then deposited 0.49 snBNB and borrowed almost all available assets in the pool (including WBNB, BNBx, ankrBNB, etc.), totaling approximately $274,000, which was subsequently laundered through a cross-chain bridge. Ultimately, Venus governance passed a proposal to use Treasury funds to fully cover this bad debt.


wUSDM Oracle Price Manipulation Incident

In February 2024, an attacker exploited a vulnerability in the ERC-4626 vault standard to artificially push the price of wUSDM, the stablecoin issued by Mountain Protocol, up to $1.7 in a short period of time. The attacker then deposited a small amount of wUSDM into the Venus protocol.

Because the oracle read a manipulated "false high price," the attackers used this inflated wUSDM collateral to borrow other, more valuable assets (such as USDC and ETH) from the pool. By the time the price of wUSDM fell back to its normal $1, the attackers had already transferred the borrowed assets out and did not repay them. Venus incurred approximately $716,000 in bad debt after liquidating the position.


Community governance disputes

In addition to the attacks mentioned above, Venus also faced external scrutiny in September 2021 due to a governance incident. At that time, a Venus community user posted a proposal titled "Form a Bravo Team," which proposed giving this team voting and fundraising capabilities equivalent to the original governance team.

However, the initiator appears to have induced voting by promising to distribute tokens. According to the proposal, of the 1.9 million XVS tokens to be raised, the Bravo team would allocate 900,000 XVS ($29 million) to addresses that voted in favor. Ultimately, at 10:33 PM on September 14th, the proposal passed with 1.29 million votes in favor and 1.19 million votes against.

According to industry practice, on-chain governance proposals, once passed by vote, should be implemented by the team. However, the Venus team "cancelled" the resolution with a single click, stating that it was intended to prevent anonymous individuals from controlling the protocol through bribery. This is one of the very few instances in the DeFi industry to date where an on-chain governance proposal has passed a vote but not been implemented.

In addition, in September 2025, the Venus protocol experienced a security incident that resulted in user losses of over $13 million. However, this was mainly due to hackers altering a user's computer interface and inducing them to sign a "delegate" transaction, rather than to a vulnerability in Venus itself.

How did Venus become a "survivor"?

Looking at these attacks, Venus stands out as a rare "survivor" in the crypto space, and may even be the project most experienced in dealing with hacker attacks. This is largely due to the continued support in resources and brand that Binance, as a crypto giant, has given Venus. Even after so many security incidents, Binance continues to direct exchange users to deposit money into Venus through its wealth management features to obtain higher returns.

[Figure: Venus on-chain TVL statistics. Source: DefiLlama]

As is widely known, Binance wields absolute power within the BNB Chain ecosystem. As Binance's primary supporter in the lending sector, Venus consistently enjoys ecosystem support and risk mitigation capabilities unmatched by most other DeFi projects, even amidst potential security vulnerabilities.

From an industry perspective, the vulnerabilities of DeFi are also highlighted in these cases. Whether it's oracle delays, illiquid assets, price manipulation, or governance loopholes, these issues have repeatedly surfaced in the history of Venus and many other DeFi projects.

In highly automated DeFi systems, a design flaw in any single component often lets attackers exploit differences in price, liquidity, or timing to construct complex arbitrage attacks.
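The oracle failure modes that recur in the incidents above (a feed pinned at its floor as in the LUNA case, and a thin-pool spot price diverging from a time-weighted average as in the THE and snBNB cases) can be screened for before a lending pool values collateral. The following is an added illustration written for this article, not Venus's own code: the feed layout, thresholds, scenario values and function names are all constructed assumptions.

```python
"""Sanity checks a lending pool can run on a collateral price before
accepting a deposit or borrow against it.  Models three failure modes:
a stale feed, a feed clamped at its configured floor/ceiling, and a spot
price that has diverged from its time-weighted average (TWAP).
All values below are constructed for illustration; this is not Venus code."""
from dataclasses import dataclass


@dataclass
class FeedReading:
    price: float        # price reported by a push oracle (Chainlink-style feed)
    updated_at: int     # unix timestamp of the feed's last update
    min_answer: float   # floor the aggregator will never report below
    max_answer: float   # ceiling the aggregator will never report above


def is_stale(reading: FeedReading, now: int, max_age: int) -> bool:
    """True when the feed has not updated within max_age seconds."""
    return now - reading.updated_at > max_age


def is_clamped(reading: FeedReading, tolerance: float = 1e-9) -> bool:
    """True when the feed sits exactly at its floor or ceiling.  A pinned
    feed usually means the real market price has left the expressible range."""
    return (abs(reading.price - reading.min_answer) <= tolerance
            or abs(reading.price - reading.max_answer) <= tolerance)


def relative_deviation(a: float, b: float) -> float:
    """|a - b| relative to the smaller value, so a 50x spike and a 50x crash
    score the same."""
    low = min(a, b)
    if low <= 0:
        return float("inf")
    return abs(a - b) / low


def evaluate_collateral_price(reading: FeedReading, spot_price: float,
                              twap_price: float, now: int,
                              max_age: int = 3600,
                              max_deviation: float = 0.10) -> list:
    """Return the list of problems found; an empty list means the price is
    acceptable.  Thresholds are assumed values, not a protocol's settings."""
    reasons = []
    if is_stale(reading, now, max_age):
        reasons.append("stale_feed")
    if is_clamped(reading):
        reasons.append("feed_clamped_at_bound")
    if relative_deviation(spot_price, twap_price) > max_deviation:
        reasons.append("spot_twap_divergence")
    if relative_deviation(reading.price, spot_price) > max_deviation:
        reasons.append("feed_spot_divergence")
    return reasons


def conservative_collateral_value(amount: float, reading: FeedReading,
                                  spot_price: float, twap_price: float) -> float:
    """Value collateral at the lowest available price, so an inflated feed
    or spot quote cannot raise borrowing power on its own."""
    return amount * min(reading.price, spot_price, twap_price)


NOW = 1_700_000_000  # constructed "current" timestamp

# Constructed scenario modelled on the LUNA case: feed pinned at a $0.10 floor
# while the market trades far below it.
FLOORED = FeedReading(price=0.10, updated_at=NOW - 60,
                      min_answer=0.10, max_answer=1_000.0)

# Constructed scenario modelled on the thin-pool cases: spot is 50x the TWAP.
SPIKED = FeedReading(price=50.0, updated_at=NOW - 60,
                     min_answer=0.001, max_answer=1_000_000.0)

# Constructed healthy scenario: recent feed, spot and TWAP all in agreement.
HEALTHY = FeedReading(price=300.0, updated_at=NOW - 60,
                      min_answer=1.0, max_answer=100_000.0)


def run_scenarios() -> dict:
    """Evaluate each constructed scenario and return the flagged reasons."""
    return {
        "floored": evaluate_collateral_price(FLOORED, 0.02, 0.05, NOW),
        "spiked": evaluate_collateral_price(SPIKED, 50.0, 1.0, NOW),
        "healthy": evaluate_collateral_price(HEALTHY, 302.0, 299.0, NOW),
        "stale": evaluate_collateral_price(
            FeedReading(300.0, NOW - 7200, 1.0, 100_000.0), 302.0, 299.0, NOW),
    }


if __name__ == "__main__":
    for name, reasons in run_scenarios().items():
        print(f"{name:8s} -> {reasons or 'accepted'}")
    print("floored collateral value for 1000 units:",
          conservative_collateral_value(1000, FLOORED, 0.02, 0.05))
```

The checks are deliberately independent so a pool can treat each one differently: a stale or clamped feed argues for pausing new borrows against the asset, while a spot/TWAP divergence argues for refusing to count any price above the lowest of the three, which is what `conservative_collateral_value` does.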

Venus's ability to survive multiple crises largely relies on strong ecosystem support and financial compensation capabilities. However, for most DeFi projects, a single attack worth tens of millions of dollars is often enough to bring the entire protocol to an end.

Venus's "exception" not only demonstrates the ability of leading ecosystems to protect projects, but also highlights the general fragility of the DeFi security system. When security can only rely on "giants backing up" rather than the risk control and mechanism guarantees of the protocol itself, the true security of DeFi remains a long and arduous task.
