Coverage for Vanguard/Stars Social Engineering Incident Lossage

Summary

If passed, this proposal will allocate funds from the Venus Treasury to cover approved Venus community managed budgets (Venus Vanguard, Venus stars) stolen during a social-engineering exploit on November 28, 2024. The attack occurred under the guise of a Business Development call with exploiters posing as a known Venture Capital firm. A police report has been filed and provided to the ZeroShadow.io team as well as the incident details allowing ZeroShadow to validate the incident and take actions.

This proposal addresses the budgets lost in the amount of $681,190 as of November 28, 2024 across BNB Chain, Arbitrum, and zkSync Era. See the “Details” section for detailed token losses, TX IDs, and associated USD values.

Details

On November 28, 2024, a group of malicious actors impersonated a reputable VC fund and scheduled a BD meeting with members of our Growth team. During the call, they exploited remote-access vulnerabilities through a sophisticated zoom hijack and orchestrated a series of unauthorized transactions draining multiple hot wallets used to provide liquidity on DEX’s, performing manual XVS Buybacks and paying for the day to day operational expenses and global activities of the Venus Stars and Vanguard programs. Assets ranging from stablecoins (USDT, USDC, VAI) to staked tokens (BTC, ETH, XVS, THE, BNB, etc.) and cross-chain funds on BNB Chain, Arbitrum and zkSync were stolen. Part of the funds in question were part of the Liquidity management proposals (VIP-297 and VIP-346) that were supplied to DEX’s.

A formal police report has been filed, and internal forensics, along with ZeroShadow audit logs, corroborate the sequence of events leading to this exploit. We request reimbursement from the Venus Treasury to restore balances impacted by this breach. Below are the main details of each affected account, along with the stolen tokens and approximate USD values (as of November 28, 2024):

1. Account 0x2c7a1398368a38489bb6dc53b79b3e416b531636
(Vanguard Lead LP’s and Funds)

● BNB Chain
○ 0xfdedf5b00dad2ef12b4e4706e79c226e909586b17766cb40cfb7943d8f8e6bb5 → 29,445,966.4653 vUSDT ($727,092.78)
○ 0x1a2bd0724f0005795d01037c0a634b6d6c6f7ad8a65079e43b9fa5b1286edd82 → 1,419.7681 THE ($4,659.23)
○ 0x0a5aeb1f65f9ab4f546bf6ceda26942fb6f4b0b28c767cedaed5fe75dc333a4d → 17.1829 ETH ($61,486.36)
○ 0x4e5592a2a1a8dc65d3e0893b0e2b8b09248bb4bae32080ad4bcef1b6d3302f96 → 302.4376 THE ($992.5)
○ 0x3ea1fe137981884b78ccb32662a73430d8517ffe544f30be8f6c1a13d9794999 → 0.1164 BNB ($76.13)
○ 0xcf8ec3d58332b567e19c47127511548289fddbb69179bd0750bf38448fa9942e → 0.009066 BNB ($5.93)
○ 0xa36de31d00df475cecdcdb1c89c396986053edd3014e7cec410dc15e2ed75415 → 9.1472 WBNB ($5,985.02)
○ 0x3cefdd9ce99911ab9d659caf320d3a5896676104009166155ea55e3aa841d2b9 → 689.7287 FIL ($4,010.27)
○ 0x932ab15ea904dfb2e7d6ba3f42903efedc9347a48bc02129a54f09743f2cc1fe → 0.7648 BTCB ($73,138.4)
○ 0x6aedbaa3651a5b4a5d8af39494d908f8c8610fb4290400efc8f5802efe8fde13 → 2.4513 ETH ($8,771.74)
○ 0x4c3f4fa45442fae0765f607235358a72ce081fb97db815dbf91028c502a9936c → 99.2973 XVS ($929.61)
○ 0x11c4f80e6e0fd2900021a659d3a6d082981dcf2798707660a483276a49331309 → 28,264.7811 qTHE ($17,785.38)
○ 0xd8d216d3daf33eb68f7d2415cd8ed5b899c19898b03dd70c19ddeb0cdd098647 → 4,575,683.8546 QUO ($18,003.58)
○ 0x72f207a7c2837298373f7bfe1fea338b0ae949ec00f15ce70d488f4b12d02d16 → 22,999.5465 liveThe ($26,390.36)
○ 0x3c65d2017ea1f9ee8c81e14a8ff093dd9df8427c8e8c6660cbb40666490023fa → 62.0571 WBNB ($40,603.98)
○ 0xc1cdefc1f1709c182fca40bf5323b3241c02877c8eafe5395ad868e84246cd67 → 4,957.0289 THE ($16,267.41)
○ 0x477c3780b4141fba9dc8256b66329deabbc38cb43b975bb2fba1a4ada3655c85 → 0.004508 BNB ($2.95)
● Arbitrum
○ 0x5253f10dffcdc283b31118596b8d511335c042a531b8d81abd4c519b71541d61 → 8,259.5424 USDT ($8,260.12)
○ 0xfa799078001b39837c1d8ab23b169987f0ca8a03bf005d861aa40489492de59f → 0.006 ETH ($21.47)
○ 0xacc8cbde3280c951bc7f3fe2528dbf876323d4b4a281a21953ae7a5664860705 → 0.0003959 ETH ($1.42)
● Liquidations BNB Chain
○ 0x79d92fe57b197f3ae5b81b4e45bb78f75a5d77c02b8ce418b295e2fc6691d882 → repaid 13 ETH ($45.07k) and $49.52k USDC

2. Account 0xc444949e0054a23c44fc45789738bdf64aed2391
(Venus Stars Operations)

● BNB Chain
○ 0xc9d8860ebbb2a231adce76adf45128f672b8c1b0e3f06033902eb3e25e2b98d9 → 25,400.523 USDT ($25,402.3)
○ 0x6b04c3a323026853d2d38d02cc470481bcd51d097175d8dcf4fea32996654049 → 195,596.6436 VAI ($195,596.6436)
○ 0x0c27c659fd99a10d503370957e1cb2848db9bdad93819f640b34f5c841a86e51 → 2,062.1763 XVS ($19,305.88)
○ 0x3a2d478f1c464537cec662f3d443ab7afba2e7a59651423caeb13abfb931414a → 126.9364 vBNB ($2,038.79)
○ 0x3bfe221e2344039a75274a58a27456ac8006fedc89c78e75fe287f0b5b54a8ef → 11,053.2196 USDC ($11,052.11)
○ 0x687b83e0b12a6cbb391d084e58ad35dbeaf51b25f324f1f9701dd8d2fd60fbd6 → 449.7948 LISTA ($250.1)
○ 0x0a8feb233f51b012626add7da54bf4753e16bbaee0f80bc3b0e0de1a06ccd608 → 13,418.7262 THE ($44,036.04)
○ 0x7955f95f28539d0222b97666c885ba277bbf840c1d1543e3ec949d96ccf300d4 → 49.2453 WBNB ($32,221.2)
○ 0xdd8df85213e14fe3a9b954159faf05de8ed74a26f5c8a5ff8a00582bfb451b03 → 3,657.2303 THE ($12,001.88)
○ 0x25f53a06170ff408cdb57dd73e0acba40e32f4d634aae32fb691677bab559186 → 0.2666 BNB ($174.42)

3. Account 0xdea0b46950ddc377e71800deba8f52456a7e42ee
(Vanguard LP’s and Operations)

● BNB Chain
○ 0x15aee8a889b5e128dd85a982365792aeaf70d93993b37968662a548f44b4f442 → 646.947 WBNB ($423,297.44)
○ 0x6ba2ba41fd1340f0e223ff17ff2e59035df86b08572cb2a0fc1a04ea2d101e53 → 16,702.062 THE ($54,810.91)
○ 0x4e59c1162a844435ed8b526e461ca9d84f78d2ff73953fb281fa7da98fdab22b → 22,073.9189 XVS ($206,653.73)
○ 0x06c0b73f6599e0842722eaa60cca25ff2457d5ff0be82e1e86d175d79ce2a3a7 → 108,337.5924 USDT ($108,345.18)
○ 0xdaf24d900c7307feacddd2acba3d158679390c01044f4dc0ea96d9fab2cb0230 → 58,001.5369 USDC ($57,995.74)
○ 0xf9116efc9dda4821172ec4251d30f37da8a8d0eb0d57c24cffc585aa83a2a127 → 0.03 BNB ($19.63)
● ZKsync
○ 0x1ae699a6fd9317f75016042fa52dfebbbfde677c7293bddcaf4892d01bea048b → 226,670.2745 USDC ($226,647.61)

4. Account 0xf80cc452b4531cff69e9cef70d071a6b714d3313
(LP / XVS Buybacks Fund reserve)

● BNB Chain
○ 0x02014fe800bb7dc74b2cbb66be085076388a561fede9b981b066715bae47aaa5 → 76,994.3436 USDT ($76,999.73)
○ 0x816dcdd3bd196f6561427f385006eb24f6bc01f4e72e197df926e9e18723d0c0 → 21,259.8155 USDC ($21,257.69)
○ 0x0587d9185c59ba5b2a30f0973091d454c59dca4982f70c399f89eebaa82035fa → 0.006863 BNB ($4.49)

Budget impact

The following is the financial lossage for each program denominated in USD since the program budgets were originally allocated in stables.

image751×141 3.07 KB

Assets to be issued

Some program activities depended on LP positions that were impacted, therefore the assets are requested to be issued for dual sided liquidity provision:

image748×271 7.68 KB

As you’re aware, this security breach occurred in the course of my work and has had a significant impact on me, resulting in the loss of nearly $1 million in personal assets as well.

image730×579 13.9 KB

Conclusion

Operational continuity for Venus Stars and Venus Vanguard are part of Venus community daily business as usual. Within these budgets are stipends and operational funds that are mission critical so I propose first actuating refunds for these budgets and in a following VIP, the MM LP’s.

ok make the refund to recover the lost to take XVS to $100

Let’s do this, team deserve compensation. They really hard trying to maintain Venus.

I fully support the proposal. The past few months have been personally and emotionally challenging following the incident, I stand behind ensuring that Danny is fully restored, allowing him to move forward with his life and wholeheartedly dedicate himself to Venus and its ecosystem, driving its growth to the next level—the one we all believe in and are committed to achieving together.

Without Danny the protocol wouldn’t be where it is now, years of hard work should be compensated properly, I fully support this proposal and looking forward for preV5 from the Vanguard team <3

I advocated for this since day 1 of the incident, I’m glad it’s finally happening, definitely in favour of the proposal, I appreciate Danny taking his compensation in XVS which will lead to bigger motivation and commitment to push the price of the governance token.

I really love to see this proposal passing, would be the most humane thing to ever in DeFi.

These guys work hard for venus to be successful. This loss in form of hack can happen to any of us. Let’s show support and make that fund go back to those who have been hacked. I vote for coverage for Vanguard and venus stars!

Fingers crossed for the heart of Venusprotocol for the people who’s hard work making the success of xvs venus!

Danny is the heart of Venus and everyone knows it, he’s supporting Venus since day one and he really deserve support from community here! Also both Vanguard and Venus Stars teams are active on daily basis (about 16hours on average) to help Venus shine and reach its goals. I fully support this proposal and I hope that community will show some love this time. This incident in the end helped us to move security of Venus and our personal to the absolutely new level.

I support this proposal.
Without Danny, Venus would not be what it is today.
I hope that his strong drive will continue to enhance the appeal of Venus💪

I fully support the proposal and compensation for what happened.

Danny is the first being that comes to mind when Venus is mentioned .Compensation for this incident that he experienced while on duty is definitely a necessary and even overdue solution.

As other branches of Venus, Stars and Vanguard teams are also the best active teams in the ecosystem and have supported Venus at every stage. There are traces of growth and development assignments at every moment. It is essential that this continues and is in the best interest of Venus.

I fully support this proposal. Danny has dedicated his life to Venus for the past 4 years, working 14 hours a day. He has been supporting Venus since day one and truly deserves the support of the community! He is totally long XVS. Despite this incident, the Vanguard and Venus Stars teams have continued to work on their mission, deploying new VIPs every day!

The pre-v5 and v5 releases will be a major milestone for Venus. Future is bright !

I fully endorse this proposal, the support Danny will recieve on this proposal will motivate him ever more. We, the delegators, wanted this proposal launched since december.

The numbers are big and that’s a fact but we have to look at both sides. If we wouldn’t have such people on board there would be nothing left from the Venus Protocol. As a Protocol, Venus is free of bad debt, in addition is generating a really nice income. I believe we can afford to pay for the loses as we need the team to be highly motivated instead of worrying about their life situation.

There is my support on that one.

I would just add to ask Danny to lock all the XVS and that’s it, anyway i believe he will do it himself.

But when you represent Venus, you become a target. You and i could be hacked by an amateur bad player, but the resources used in this hack are government level. So it’s only fair to reimburse Danny, as he was representing venus in that meeting. It also upped the security levels, we could take it as a vulnerability bounty .
Keep going @Danny, comunity has your back!!

I strongly endorse this proposal.
The recent exploit has inflicted significant financial and personal hardships on our community, particularly on Danny, whose dedication to Venus has been unwavering. Compensating his losses with XVS tokens not only addresses the immediate need for recovery but also strengthens our collective resolve to secure and advance the Venus ecosystem. I urge the community to support this measure, ensuring that we restore trust, safeguard our operations, and empower our leaders to continue driving Venus toward a resilient future.

Danny is fully dedicated to Venus, investing all his time to take it and the community to the next level. The team always supports him and works hard. I fully support the proposal. Under Danny’s leadership, we will rise to the top once again.

i support fully this proposal

The Venus family will never leave Danny alone and we, as the Turkish community, give our full support. Please do what is necessary because Danny has done so much for us.

I stand by compensating the damage to the community wallet, which was lost due to a cyber attack on our leader, who has been working tirelessly for Venus Protocol day and night.

I am reminded of the phrase: it’s not so much how hard you hit as how hard you can take a punch.
I believe that this situation is definitely a serious blow and our task is to unite around the problem and solve it the only way we can - vote in favor.
Only support in this situation will show the strength of everyone involved in the Venus protocol.