Venus Protocol Exploit Drains $27M on BNB Chain
Venus Protocol exploit on BNB Chain drains about $27 million in a suspected smart contract compromise. Attackers updated the Core Pool Comptroller contract to a malicious address. The malicious update siphoned Venus tokens including vUSDC and vETH. Security teams are now tracking the stolen assets. The Venus community has not yet issued an official statement. Funds remain in the attacker’s contract and have not been swapped, raising questions about a potential full-scale cash-out.
Venus Protocol allows BNB Chain users to deposit stablecoins and major tokens to earn interest, while borrowers post collateral to take out loans. Its native token, XVS, underpins governance and protocol incentives. At its peak, Venus held over $7 billion in assets, making it a core part of the BNB Chain’s DeFi ecosystem.
Bearish
The Venus Protocol exploit is bearish for the BNB Chain and the broader DeFi market. Similar smart contract compromises—such as the Cream Finance hack—triggered immediate price declines and liquidity withdrawals across affected platforms. In the short term, traders are likely to reduce exposure to Venus tokens and related BNB Chain assets, putting downward pressure on XVS and other native tokens. Heightened security concerns may erode investor confidence in DeFi, slowing new capital inflows. Long term, if Venus promptly patches the vulnerability and compensates users—as seen with prior protocol recoveries—the impact could moderate. However, until proof of fund recovery and independent security audits emerge, selling pressure and risk aversion are expected to persist.