$200 M Venus Protocol hack analysis
On May 18th, Venus Protocol suffered a huge $200M+ in liquidation. This was due to price manipulation of the governance token (XVS) which led to a $100M+ of bad debt accumulation.
Background
Venus protocol allows the user’s to borrow funds, by depositing XVS as collateral. The borrowed value is always lower than the amount in collateral. If the collateral value declines, the protocol may sell it to recover the loaned amount. At this time, Venus protocol is one of the largest lending platforms on the Binance Smart Chain (BSC). According to DefiStation, Venus is ranked second in terms of TVL (total value locked) on BSC. Venus uses its governance token, XVS, for on-chain voting by the community.
On May 18th, the XVS token’s price was manipulated to borrow more BTC and ETH. And when the price declined and the collateral was liquidated, Venus was left with a debt of $100M+. There are different theories regarding this incident. Some blame the Venus team and some blame the Chainlink oracles which Venus uses to track the XVS price.
Events
- On May 8th, Collateral Factor was increased from 60% to 80% for borrowing of funds with XVS as collateral.
- On May 18th, XVS price shot up from $80 to $145 in 3 hours.
- A huge amount of loans were borrowed during this time providing XVS as collateral.
- This led people to sell their XVS to secure profits. In the next 4 hours, XVS price declined sharply to the initial price of $80. This triggered liquidations which led to the $100M+ of bad debt that Venus still can’t recover.
- On May 19th, Venus founder, Joselito Lizarondo, writes a report about the incident describing how all the funds are safe and there were no attacks on the protocol. He states that the price hike was ‘ caused by large market orders and expectation on the new VRT ’. VRT was Venus’s new reward token that was about to launch.
What exactly happened?
Regarding this incident, there are different theories. A research analyst that goes by the username @FrankResearcher on Twitter, has blamed the chainlink oracle used by Venus. According to him the price reported by the oracle was ‘almost double’.
Another theory is that the price manipulation was done by the Venus team. An anonymous user that goes by the username @InsiderVenus on Twitter, has shared some evidence in this blog post.
According to him, the main account involved in this whole incident is 0xef044206db68e40520bfa82d45419d498b4bc7bf.
During this incident, this account received high amounts of XVS from Binance hot wallet. It later supplied those tokens to Venus to increase the collateral and borrow more BTC or ETH. Those borrowed funds were transferred again to Binance. This whole scenario was repeated several times. The total amount of XVS that came into this account was around 912,219. (source)
It is suspected that the funds transferred back to Binance were used to buy more XVS, thus increasing the price and allowing more funds to be borrowed on Venus. When this account stopped transferring funds to Binance and buying more XVS, the market declined sharply. When the price decreased, the collateral was liquidated to cover the loan amount. But the price had declined so much that the amount sold was not able to cover the original loan. This also triggered cascading liquidations.
In the end, this account was left with a 2000 BTC + 10000 ETH debt (100M+ in USD) which it might never pay back to Venus. Then all the amount was sent to a Binance account 0x164a03A5190357A998378DA7eC7E882c090ad029.
@InsiderVenus has provided some evidence which hints at the Venus team’s involvement:
- The Venus team used this Binance account in April 2021, to buy back $3.5M worth of XVS. (source)
- An account, which exploited the Venus protocol in January 2021, for 4000 ETH, also deposited these funds into the same Binance account.
- The reserve wallet address of Swipe (a wallet by the Venus team) has also made deposits into this Binance account in the past.
This suggests that the Venus team might be behind all these price manipulations and the bad loans accumulated by the protocol. Joselito Lizarondo, Venus founder, has written a blog post describing all the event and how they plan to solve them in the future. They have proposed to lower the XVS collateral factor and utilize its treasury funds to cover the losses of its users.
Reach out to QuillAudits
QuillAudits is a smart contracts security audit platform designed and provided by Quillhash Technologies. We offer complete security audit solutions for DeFi & NFT smart contracts and dApps built on major blockchains such as Ethereum, BSC, Polygon, Polkadot, EOS and TRON, along with formal verification to ensure your platform’s integrity. If you need any assistance in the audit of the smart contracts, feel free to reach out to our experts here!