Venus Protocol, one of the largest lending platforms on the BNB Chain, was hit by a suspected exploit on Tuesday with attackers seemingly draining an estimated $27 million worth of assets.
On-chain sleuths said they suspect the protocol’s Core Pool Comptroller contract was updated to a malicious address, which then siphoned off tokens including vUSDC and vETH.
Security teams are tracking the stolen assets and the Venus community has yet to issue an official statement.
The funds remain in the attacker’s contract and have not yet been swapped, leaving open questions about whether the exploit will evolve into a full-scale cash-out.
Venus functions as a money market on the BNB Chain, allowing users to deposit assets such as stablecoins and major tokens to earn interest, while borrowers post collateral to take out loans.
Its native token, XVS, plays a role in governance and protocol incentives. At its peak, Venus held over $7 billion in assets, making it a core part of BNB Chain’s DeFi ecosystem.
(This is a developing story.)