Cyber Incident Victim: Venus Protocol
Date:
May 2022
Location:
United States of America
Summary
A decentralized money market suffered an $11 million exploit following the collapse of the Luna cryptocurrency and its associated stablecoin, which created extreme market conditions. The protocol's price feed was automatically paused by its oracle provider due to these conditions, causing a discrepancy between its internal asset valuation and the actual market price; attackers exploited this by depositing 230 million LUNA to borrow $13.5 million. The affected platform suspended the LUNA market and temporarily paused user activities, while another related platform lost $8.3 million in a similar attack. The oracle provider acknowledged the incident and planned security adjustments to prevent future occurrences.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 12, 2022, Venus Protocol, a decentralized money market platform, publicly disclosed an $11 million financial loss stemming from exploitation activities tied to the catastrophic collapse of the Terra ecosystem’s Luna cryptocurrency and its algorithmic stablecoin UST. The incident occurred amid unprecedented volatility across cryptocurrency markets, with Luna’s value plummeting to near-zero levels following the destabilization of UST’s peg. Venus Protocol attributed the exploit to a critical desynchronization between its internal asset pricing mechanism and real-time market conditions. Chainlink, the oracle provider supplying price feeds to Venus, automatically activated a circuit breaker mechanism in response to extreme market turbulence, pausing LUNA price updates. This resulted in Venus Protocol maintaining a stale LUNA valuation of $0.107 per token while the actual market price had collapsed to approximately $0.01—an order-of-magnitude discrepancy. Attackers capitalized on this pricing lag by depositing 230,000,000 devalued LUNA tokens into Venus Protocol and borrowing $13.5 million in other assets against this artificially inflated collateral.
Venus Protocol’s response included immediate suspension of the LUNA market and implementation of a 48-hour user activity pause to contain further exploitation. Chainlink confirmed its circuit breaker function operated as designed without manual intervention, emphasizing its role in preventing potential market manipulation during abnormal volatility. The incident demonstrated cascading risks across decentralized finance (DeFi) ecosystems, with Blizz Finance—another platform utilizing similar oracle infrastructure—reporting a related $8.3 million loss under comparable circumstances. Chainlink acknowledged the operational impact of these events and announced plans to recalibrate security parameters governing oracle feed behavior during extreme market phases. Financial impacts were confined to protocol losses from exploited collateral mismatches, with no reported breaches of underlying smart contract code or additional system compromises beyond the LUNA market suspension. The event underscored systemic vulnerabilities in DeFi price oracle reliance during black swan market events.