Historical bad-debt events

Venus Protocol's assessment for RD-F-067 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Four documented bad-debt incidents: (1) May 2021 XVS oracle manipulation: ~$100M bad debt (4,100 BTC + 9,600 ETH); (2) May 2022 LUNA/UST collapse (stale Chainlink oracle): ~$11–14M bad debt; (3) February 2025 ZKSync donation attack: ~$717K net bad debt; (4) March 2026 BNB Chain THE donation attack: ~$2.15M bad debt. Total approximately $114M across four distinct incidents. The 2021 and 2022 bad debt was never fully repaid from on-chain reserves. The March 2026 bad debt repayment proposal (~$2.2M from Treasury + Risk Fund) was in community discussion as of March 20, 2026, with execution status unconfirmed as of 2026-04-28. Incidents 3 and 4 are same-root-cause repeats (Compound-fork donation attack), post-Code4rena-2023 disclosure. This is the clearest red factor beyond F070 itself.

Sources #

URL
200M Venus Protocol Hack Analysis — QuillAuditsQuillAudits — $200M Venus Protocol 2021 XVS hack analysisretrieved 2026-04-28
URL
BNB Chain THE Market Bad Debt Repayment — Venus GovernanceVenus Community — THE Market Bad Debt Repayment proposal (~$2.2M from Treasury + Risk Fund)retrieved 2026-04-28
URL
Collapse of LUNA leads to $11M exploit on Venus ProtocolRecorded Future — 2022 LUNA/UST Chainlink oracle stale price exploit ($11–14M bad debt)retrieved 2026-04-28
URL
https://blocksec.com/blog/venus-thena-donation-attackretrieved 2026-05-06

Methodology #

Count and sum (USD) the number of documented bad-debt events where the protocol socialized losses across depositors.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol venus factor RD-F-067 score red collected_at 2026-04-28 18:30:49