Venus protocol exploit, $200m liquidated, $100m bad debt
Hi there students,
I had just created my account and was writing my first article about the future of DeFi, when I saw the news that Venus protocol was exploited. One of the things I love to analyze are exploits, to see how people manage to bypass security systems to make money from the protocols. Let’s dive into it!
- What is Venus protocol?
Venus protocol is the biggest decentralized money market on BSC. It basically allows users to lend their cryptocurrencies to earn an interest, or borrow and pay the interest. The way it works is simple: if you provide your cryptocurrency to the platform, the platform will give you a certain % of allocation to borrow. For example, if you deposit 20 BNB to the platform which is worth 10,000 USD, the platform allocates 80% of the amount for your borrowing limit, which means you can borrow 8,000 USD worth of tokens on the platform.
2. How did this protocol get exploited?
It seems that the exploiters used a significant amount of capital to push the price of XVS (native token of Venus Protocol) to almost 2x its original price. The trading volume increased from $300m USD to $1 bn at the peak price. And then we can see 2 exploiters doing similar things:
- A: After pumping the XVS price, they withdrew ~1 million XVS from Binance. And then, they put 1 million XVS on Venus protocol as a collateral at peak price. With this collateral, they were allowed to borrow 4200 BTC from Venus protocol, that they seem to have sent to Token Hub. With the XVS price coming down after the pump, the 1 million XVS collateral got liquidated at ~$80/XVS, leaving $80m of bad debt to the platform. So how much did the guys make? Before the pump the price of XVS was ~$80/XVS. So they invested $80m to pump the price and get 1m XVS that they put as collateral. They gave up these 1m XVS as they got liquidated, but came out with 4200 BTC, worth $168m. So they made a net gain of $88mUSD!
- B: Another transaction was made at a smaller scale. 490k XVS were withdrawn from Binance and put as a collateral. These guys were a bit late, and put their collateral at ~$100/XVS. This allowed them to borrow 13400 ETH that they moved to Token Hub as well. 13400 is worth $39m, and 490k XVS got liquidated. Depending on their dollar cost average of their XVS, these guys might not have been that profitable. But not a bad situation for them as the price of XVS came down significantly now.
3. Is it fair to call this an exploit?
This is a bit tricky.
For A: The question is whether the price pump was intentional, or they just saw a market opportunity and took it. For example, if they were just a XVS hodler that were already holding 1m XVS, and then saw a price pump happening and did this, this wouldn’t be an exploit. If they intentionally pumped the price to do this, it would be one (whale attack).
For B: Personally, given how late they were in the game, I would say they just saw this happening and piggy backed on top of it.
Economically it makes sense, but ethically, leaving a platform with $100m worth of bad debt isn’t really an example of good behavior, so let’s just call it an exploit shall we?
I guess what’s important to say is that the Venus protocol worked the way it should be working given any market situation. But they might need to have a look at their collateral factor as any price spike would allow similar operations to happen again.
I hope you enjoyed it, I’ll be back with new contents soon!
