Prior exploit count
Venus Protocol's assessment for RD-F-077 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
4 distinct protocol-exploiting incidents: (1) 2021-05-18 XVS oracle manipulation ~$95-100M bad debt partial recovery; (2) 2022-05-12 LUNA stale-price oracle $13.5M bad debt partial recovery; (3) 2025-02-27 ZKSync donation attack $716K bad debt partial recovery; (4) 2026-03-15 BNB Chain THE donation attack $2.15M bad debt no confirmed recovery. Threshold: >=2 exploits with unrecovered loss = red. Venus has 4 exploits and unrecovered losses confirmed across multiple incidents. September 2025 phishing ($27M at risk, $13.5M recovered) classified as user-phishing not a protocol smart contract exploit and excluded from this count.
Sources #
- GovernanceTHE Market Incident Post-Mortem — Venus CommunityVenus THE market incident post-mortem — March 2026 $2.15M bad debtretrieved 2026-04-28
- Post-Mortem: wUSDM Donation Attack on Venus ZkSyncVenus ZKSync wUSDM donation attack post-mortem — Feb 2025 $716K bad debtretrieved 2026-04-28
- LUNA Collapse Leads to $11M Exploit on Venus — The RecordThe Record — 2022 LUNA/UST oracle stale price exploit on Venus resulting in ~$11M bad debtretrieved 2026-04-28
- $200M Venus Protocol Hack Analysis — QuillAuditsQuillAudits analysis of 2021 XVS price manipulation and ~$200M bad debtretrieved 2026-04-28
- Venus Protocol — Rekt IVRekt.news Venus Protocol REKT IV — March 2026 THE exploitretrieved 2026-04-28
Methodology #
Count the number of distinct incidents in the hack database affecting this protocol.
See the full factor methodology and distribution across all protocols →