Venus Attacker Launders $4.7M as XVS Token Drops 9%

Attacker Launders $4.72M in Stolen Crypto via Cross-Chain Bridge

The individual behind the recent Venus protocol exploit has converted stolen assets worth approximately $4.72 million into Ethereum and transferred the funds off the BNB Chain. The laundered assets, which included 2,178 BNB, 20 BTC, and 1.466 million CAKE, were consolidated into 2,257.3 ETH. The attacker then used a cross-chain bridge to move the full amount to the Ethereum network, a common tactic used to obscure the origin of illicit funds and access deeper liquidity.

This movement represents the latest step in a sophisticated attack that began on March 16. The initial stages were funded with 7,400 ETH withdrawn from the mixing service Tornado Cash, signaling a well-capitalized and planned operation from the outset. By moving the proceeds to Ethereum, the attacker can more easily liquidate the holdings or route them through other decentralized finance protocols.

Exploit Left Venus With $2.15M Bad Debt

The attack was executed through careful manipulation of the market for Thena's THE token. Over a nine-month period, the attacker accumulated 12.2 million THE tokens, equivalent to 84% of its circulating supply. The critical move involved donating 36 million THE tokens directly to the protocol's contract, bypassing supply caps and artificially inflating the collateral's exchange rate by 3.8 times.

With this inflated collateral position, the attacker borrowed millions in other assets. They then used a portion of the borrowed funds to purchase more THE on the open market, driving its price from approximately $0.26 to a peak of $0.56. When the attacker sold off their THE holdings, the price collapsed over 17%, triggering liquidations. Because the collateral's value plummeted so quickly, the protocol was left with an unrecoverable shortfall of $2.15 million in bad debt.

Venus Token XVS Falls 9% as Protocol Responds

News of the exploit and the resulting bad debt sent the price of Venus's governance token (XVS) down by more than 9% in 24 hours. The decline significantly outpaced the broader market, which saw the CoinDesk 20 index fall 4.6% during the same period, indicating a targeted loss of confidence in the Venus protocol.

In response, the Venus team paused all borrowing and withdrawals for the THE pool and reduced the collateral factor to zero for seven other assets deemed at-risk. The protocol acknowledged that the attacker's address had been flagged by community members prior to the incident but stated it could not act on suspicion alone without an exploit occurring.

Venus is a decentralized protocol. As a permissionless protocol, we cannot and should not freeze or blacklist addresses based on suspicion alone.

— Venus Protocol

Governance is now expected to vote on using the protocol's risk fund to cover the $2.15 million loss. The incident serves as a stark reminder of the risks associated with low-liquidity assets and oracle manipulation within decentralized lending markets.