Venus Protocol, a major money market on the BNB Chain, was hit by a suspected exploit on Tuesday that appears to have drained an estimated $27 million in assets. On-chain investigators say the protocol’s Core Pool Comptroller contract was updated to a malicious address, allowing an attacker to siphon tokens including vUSDC and vETH.
The stolen funds remain parked in the attacker’s contract and have not yet been swapped, leaving open the possibility of a larger cash-out. Security teams are actively tracking the flows on-chain, but the Venus community has not issued an official statement at the time of reporting.
Venus functions as a decentralized money market where users deposit assets to earn interest and borrow against collateral. Its governance token, XVS, and the protocol’s liquidity are central to BNB Chain’s DeFi ecosystem — at its peak Venus managed over $7 billion in assets.
Why this matters: an exploit against a core contract can undermine lender confidence, squeeze liquidity and raise questions about governance controls that permit contract updates. If funds are moved into swaps or mixers, recovery becomes more difficult and on-chain tracing becomes more time-sensitive.
This is a developing story; expect updates as investigators and security teams publish on-chain traces and the protocol responds. Source: CoinDesk. Read the original coverage for full details.