As the most serious security incident in the DeFi market this year, the attack on Venus has been questioned by the outside world.
Original title: “A well-planned conspiracy? On-chain data analysis shows that Venus or the guardian steals itself.”
Written by: Venus Insider
Translation: Chain Catcher Loners Liu, Wang Dashu
In the following article, I will provide data analysis from the browser on the chain to prove that the Venus/Swipe team is related to the Cannon Ignition sales event and this large-scale smashing event, which led to the serial liquidation of XVS.
After the XVS token price on Binance Exchange was significantly manipulated (collateralized and loaned a large amount of BTC and ETH at a high price), the Venus protocol forced the liquidation of more than 2 million XVS tokens, which directly caused a large number of users to suffer losses and liquidation , Resulting in more than 100 million U.S. dollars in bad debts.
Below is a visual flow chart that summarizes my latest related findings. The subsequent part will provide a direct link to the blockchain transaction. You can disbelieve what I said, but you can verify the authenticity of the information I provide.
The next part will provide the transaction address on the chain. The Cannon wallet, the cleared XVS wallet and the Venus/Swipe team’s vault wallet are all directly linked to the same Binance Central deposit address.
Cannon token sale event
Since the last time Swipe Wallet opened the public sale of CAN tokens, Swipe/Venus supported CAN as collateral on Venus for the first time, with a mortgage rate of 60%.
Private equity investors are allowed to mortgage 45% of the circulating tokens in the market and lend 60% of BTC and ETH as collateral. Since the price of CAN feed is the price on Uniswap, the price above is raised, and then about 70 million US dollars of BTC (2000 BTC) and 8 million US dollars of ETH (7000ETH) are lent at the high point. Because of CAN The token itself is extremely illiquid and therefore has a high risk of liquidation losses.
Swipe founder Joselito Lizarondo’s report on this incident can be found here.
Then the user provided us with the arrears, and we packaged it on the BSC so that the mortgagor could reduce the risk exposure, and we could also recover the liquidity provided.
However, after the dust settled, in fact, despite the above explanation, these funds were “repaid” and then generated more than 4000 ETH bad debts.
There are currently 3 holders of vCAN (Venus Protocol Mortgage CAN Deposit Certificate). The addresses of the first two holders have arrears of more than 2036 ETH on the Venus Protocol. According to the report of the above incident, these two addresses are confirmed to belong to The same entity.
0x33df7a7f6d44307e1e5f3b15975b47515e5524c0 This address is used to mortgage CAN tokens and lend BTC and ETH to Binance’s wallet address: 0x164a03a5190357a998378da7ec7e882c090ad029. Then I will call this wallet “0x164…029 Binance Wallet”.
Although all the BTC and 3000 ETH of the 7000 ETH were repaid, the debt of 4000 ETH has not been repaid. As of today, these debts have accumulated to 4076 ETH. This is because the Venus agreement needs to provide interest to the ETH supplier, although these funds do not seem to be The meaning of wanting to repay.
XVS lends wallet address 0xef…7bf
In the past 100 days, this account has been rigorously scrutinized by the community, and the Venus team also strongly stipulated that 450,000 XVS loans went online, and this account borrowed approximately 330,000 XVS. According to the setting of Venus, there is a reward of 3000 tokens per day for XVS deposits, 50% of which are rewarded to the supplier and 50% to the borrower. In other words, this account can get XVS every day, and soon this account becomes the largest holder of XVS, with a maximum of more than 1 million XVS.
The community continues to question why the Venus/Swipe team allows this situation to continue?
Question: Only a few people participate in XVS lending, but the rate of return is surprisingly high. How does Swipe deal with the interest rate?
JL: This is a basic setting and needs to be consistent. Currently, as everyone knows, the market response (determining the return of each market) is divided between borrowers and suppliers. Because of the lending limit, no one can maliciously lend a large amount of XVS to initiate proposals. They need to actually participate in the game, which means buying or participating through mining.
Although the annual rate of return in the XVS lending market is high due to security, the exit of security is a heavy burden for those who want to get a share of the pie. Those lucky ones are early users who took advantage of the lending ceiling. This is the basis of FCFS. The advantage is that almost everything, especially the biggest thing, is to reassemble the content displayed from the data on the chain back into the agreement.
Venus Protocol AMA on April 1st
On May 8, the VIP-22 proposal was passed and the mortgage rate of XVS (and others) was increased from 60% to 80%.
On May 18th, wallet 0xef…7bf received multiple XVS transfers from Binance Hot Wallet. The timing of these transfers is consistent with the big rise on the XVS token. Here are the filtered views of 0xef…7bf. The total amount of XVS received during the above-mentioned surge was 912,219.95 XVS. All these additional funds were provided to Venus, making the XVS wallet balance 0xef…7bf more than 2 million XVS.
The process observed on the blockchain is as follows:
(1) Receive XVS transfer from Binance Hot Wallet
(2) Provide Venus to increase collateral
(3) Borrow more BTC/ETH to a higher account limit
(4) Transfer out BTC and return to Binance
… repeat
https://bscscan.com/tokentxns?a=0xef044206db68e40520bfa82d45419d498b4bc7bf&p=76 transactions
From the above chart and blockchain snapshot, I strongly suspect (some Binance can confirm) that the withdrawn funds are used to continue buying XVS, pushing the price up, and repeating the above process within 2-3 hours as currently in As you can see on pages 76 and 77 of the transaction log-above is a screenshot of the display. Once XVS is no longer actively purchased, the market will begin to fall, which directly leads to the lack of collateral in the 0xef…7bf wallet, followed by serial liquidation.
Due to the increase in the price of XVS, 0xef…7bf can basically redeem its XVS, including more than 1,000 tokens obtained by the system every day, and the price is much higher than the external market value. When the dust settles, 0xef…7bf will have no collateral, only 2000 BTC of debt.
After withdrawing BTC from 0xef…7bf account, I found that they were sent to 0x04ebe08a11eafa75c913465e2bcdd34b133f7ed1.
Soon after reaching this wallet, the funds were sent to “0x164…029 Binance Wallet”. It can also be observed that on March 8th, 0xef…7bf directly sent 27 BTC to “0x164…029 Binance Wallet”. 53 days after the Cannon incident and 71 days before the XVS liquidation incident.
Therefore, in view of the above situation, we can directly link the CAN incident with the liquidation of XVS’s alleged price manipulation. One question I want to ask is, once the Swipe team feels it is necessary to terminate the association with a disputed Venus protocol address, why doesn’t the team immediately take measures to reduce the risk? Why is this blockchain address not being continuously monitored by the team?
Connect with the Swipe/Venus team
a. Venus repurchase and destruction
On April 26, VIP-16 passed a proposal to buy back and destroy $3.5 million XVS from the market. In the proposal, the Venus/Swipe team requested that the funds be sent to 0x74574937281B91cd708AbA6522287b78b3243EE7.
2.5 million USDT was then sent to “0x164…029 Binance Wallet”. 20 minutes later, 31979.9961 XVS was repurchased and destroyed.
b. Transaction with Deployer and 0xfe…7bf wallet
Note that the wallet 0x733657b431a35f0283c33de0dd7fd293a8f1a15a sent the address to the “Venus: Deployer” team address on November 25, 2020. The Deployer address is the address where all Venus contracts are created.
Then it was observed that 77 days ago, the remaining assets in this wallet were sent to 0xef…7bf, thus establishing a direct link between the beneficiaries of the team wallet and XVS loans and the accounts that were eventually liquidated due to suspected price manipulation.
c. Transaction from SXP Eco Wallet
It was observed that “0x164…029 Binance Wallet” received a large number of high-value SXP transfers, with a total value of more than 120 million tokens.
The source of these transfers comes from “BSC: Token Center”. The transfer is initiated on the Binance Chain, and all transfers come from the wallet bnb1rcq2vzuzzvw5unqfkwylt5r5wxks73tck0sf4s For example: txid B34…293.
On March 1, 2021, the wallet received 100,000 SXP from bnb1c8wmwh6yvv4w6v9df0yzt23w4r0wus5lqh58mj. Then on April 15, it received another 50 million + SXP.
bnb1c8wmwh6yvv4w6v9df0yzt23w4r0wus5lqh58mj initially received 120 million tokens from the generated SXP address. Check out the original SXP white paper, which outlines the distribution of tokens as follows:
SXP original white paper token distribution
Therefore, the wallet*8mj is the swipe team wallet of the ecosystem reserve.
Therefore, connect all the points; the last question is also a question for which I cannot find a logical explanation/answer. Considering that the Cannon incident occurred on January 14, 2021, why did the Swipe team transfer funds from the ecosystem reserve on April 15 to the same Binance deposit address that the Cannon entity transferred to. I have looked for any reasonable explanation here, except that all these events are carefully planned internal operations to enrich the project team, and cannot draw any conclusions.
In the final analysis, the ultimate loss is the community user funds, not the agreement funds. So far, a total of about 2000 BTC and 10000 ETH have been lost.
Earlier today, the Venus team made the following updates:
The first proposal of the VGP will be to solve the system deficiencies of BTC and ETH.
If the information I have recorded is correct, then the first proposal is to transfer XVS from the Ministry of Finance in exchange for the ETH and BTC that the team already owns-no doubt sold at a discounted price.
I can no longer remain silent. I call on CZ to intervene immediately, investigate and confirm my findings, and remove this corrupt team.
Supplement 1:
0x0c1e306d12c55d92f0c56e19ee86bbabb71642024d2bdec7a301dea6452973e1 is one of several transaction addresses, among which the wallet 0xef…7bf sells a large number of VAI tokens at a price lower than the peg. Many people in the community complained about the lack of hookups, which seems to be blamed on insiders.
There is another wallet that owes the agreement 5800+ETH, and withdraws the last 1400 ETH 15 seconds before the start of the liquidation. I didn’t find a direct connection between this account, but I find it hard to believe that, due to the time and amount of XVS transfer, it is not involved in some way compared to other accounts.
Supplement 2:
After this article was published, the Venus team approached me to discuss this article and tried to clarify my misunderstanding. However, the few questions I raised still exist. I was told that the Venus team will provide me with the latest situation of the questions asked at an appropriate time. If there is the latest development, the article will be updated/clarified as necessary.
