A carefully planned conspiracy? On-chain data analysis shows Venus may be embezzling

This article was published on the Venus Insider's blog and translated by Chain Catcher Loners Liu and Wang Dashu.

In the article below, I will provide data analysis from on-chain browsers to prove that the Venus/Swipe team is related to the Cannon Ignition sale event and the recent large-scale liquidation event, which led to a chain of liquidations of XVS.

After the price of the XVS token was significantly manipulated on Binance (with a large amount of BTC and ETH mortgaged and borrowed at the price peak), the Venus protocol forcibly liquidated over 2 million XVS tokens, directly causing significant losses and liquidations for many users, resulting in over $100 million in bad debts.

Below is a visual flowchart outlining my latest relevant findings. The subsequent sections will provide direct links to blockchain transactions; you may not believe what I say, but you can verify the authenticity of the information I provide.

The next section will provide on-chain transaction addresses, where the Cannon wallet, the liquidated XVS wallet, and the treasury wallet of the Venus/Swipe team are all directly linked to the same Binance central deposit address.

1. Cannon Token Sale Event

Since the last public sale of CAN tokens by the Swipe wallet, Swipe/Venus immediately supported CAN as collateral on Venus, with a collateral rate of 60%.

Private investors were allowed to mortgage 45% of the circulating tokens in the market and borrowed 60% of BTC and ETH as collateral. Since the price feed for CAN used the price on Uniswap, they inflated the price above and then borrowed approximately $70 million in BTC (2000 BTC) and $8 million in ETH (7000 ETH) at the peak. Due to the extreme lack of liquidity of the CAN token itself, there was a high risk of liquidation losses.

The report by Swipe founder Joselito Lizarondo regarding this event can be found here.

Then the user provided us with the debt, which we packaged on BSC, allowing the mortgagors to reduce their risk exposure, and we could also reclaim the liquidity provided.

However, after the dust settled, despite the above explanation, these funds generated over 4000 ETH in bad debts after "repayment."

Currently, there are 3 vCAN (Venus protocol deposit certificates for mortgaging CAN) holders, with the first two holders' addresses having over 2036 ETH in debts on the Venus protocol. According to the report of the above event, these two addresses are confirmed to belong to the same entity.

The address 0x33df7a7f6d44307e1e5f3b15975b47515e5524c0 mortgaged CAN tokens and borrowed BTC and ETH, sending them to the Binance wallet address: 0x164a03a5190357a998378da7ec7e882c090ad029, which I will refer to as the "0x164 … 029 Binance wallet."

Despite repaying all BTC and 3000 ETH of the 7000 ETH, there remains a debt of 4000 ETH unpaid. As of today, this debt has accumulated to 4076 ETH because the Venus protocol needs to provide interest to ETH suppliers, even though it seems these funds have no intention of being repaid.

2. XVS Borrowing Wallet Address 0xef…7bf

For more than 100 days, this account has been under strict scrutiny from the community, and the Venus team has strongly set a borrowing limit of 450,000 XVS, while this account borrowed about 330,000 XVS. According to Venus's settings, there is a daily reward of 3000 tokens for XVS deposits and loans, with 50% rewarded to suppliers and 50% to borrowers. In other words, this account can earn XVS daily, and soon it became the largest holder of XVS, exceeding 1 million XVS at its peak.

The community continuously questioned why the Venus/Swipe team allowed this situation to continue.

Q: The borrowing of XVS has only a few participants, yet the yield is astonishing. How does Swipe handle this interest rate?

JL: This is a basic setting that needs to remain consistent. Currently, as everyone knows, the market's reaction (which determines the returns of each market) is distributed between borrowers and suppliers. Because there is a borrowing limit, no one can maliciously borrow a large amount of XVS to initiate proposals; they need to genuinely participate in the game, which means purchasing or participating through mining.

Although the annual yield in the XVS lending market is high due to security, the exit from security is a heavy burden for those wanting to share in the profits. Those lucky enough are early users who utilized the borrowing limit. This is the basis of FCFS. The benefit is that almost everything, especially the largest amounts, is recombined back into the protocol from what is shown on-chain.

On April 1, Venus Protocol held an AMA.

On May 8, the VIP-22 proposal was passed, raising the collateral rate for XVS (and others) from 60% to 80%.

On May 18, wallet 0xef…7bf received multiple XVS transfers from the Binance hot wallet. The timing of these transfers coincided with a significant surge in the XVS token. Here is a filtered view of 0xef…7bf. The total amount of XVS received during the aforementioned surge was 912,219.95 XVS. All these additional funds were provided to Venus, causing the XVS wallet balance of 0xef…7bf to exceed 2 million XVS.

The observed process on the blockchain is as follows:

(1) Received XVS transfers from the Binance hot wallet

(2) Supplied to Venus to increase collateral

(3) Borrowed more BTC/ETH to higher account limits

(4) Transferred BTC back to Binance

…… Repeat

May 18 XVS-BUSD chart

https://bscscan.com/tokentxns?a=0xef044206db68e40520bfa82d45419d498b4bc7bf\&p=76 transactions

From the above charts and blockchain snapshots, I strongly suspect (which some at Binance can confirm) that the withdrawn funds were used to continue purchasing XVS, driving the price up, and repeating the above process within 2-3 hours, as seen on pages 76 and 77 of the transaction records—above is a displayed screenshot. Once active purchasing of XVS ceased, the market began to decline, directly leading to insufficient collateral for the 0xef…7bf wallet, followed by a chain of liquidations.

Due to the rise in XVS prices, 0xef…7bf was essentially able to redeem its XVS, including over 1000 tokens earned daily by the system, at prices far exceeding external market value. When the dust settled, 0xef…7bf had no collateral left, only a debt of 2000 BTC.

After extracting BTC from the 0xef…7bf account, I found that they were sent to 0x04ebe08a11eafa75c913465e2bcdd34b133f7ed1.

Shortly after reaching this wallet, the funds were sent to the "0x164…029 Binance wallet." It can also be observed that on March 8, 0xef…7bf directly sent 27 BTC to the "0x164…029 Binance wallet." This was 53 days after the Cannon event and 71 days before the XVS liquidation event.

Therefore, in light of the above circumstances, we can directly link the CAN event to the XVS liquidation suspected of price manipulation. One question I want to ask is, once the Swipe team felt it necessary to terminate the association with a controversial Venus protocol address, why did the team not take immediate action to mitigate the risk? Why was this blockchain address not continuously monitored by the team?

3. Connection of Swipe/Venus Team

a. Venus Buyback and Burn

On April 26, VIP-16 passed a proposal to buy back and burn $3.5 million worth of XVS from the market. The Venus/Swipe team requested that the funds be sent to 0x74574937281B91cd708AbA6522287b78b3243EE7.

2.5 million USDT was then sent to the "0x164…029 Binance wallet." 20 minutes later, 31979.9961 XVS was bought back and burned.

b. Transactions with Deployer and 0xfe…7bf Wallet

It was noted that wallet 0x733657b431a35f0283c33de0dd7fd293a8f1a15a sent an address to the "Venus: Deployer" team address on November 25, 2020. The Deployer address is the address that created all Venus contracts.

It was then observed that 77 days ago, the remaining assets in this wallet were sent to 0xef…7bf, establishing a direct link between the team wallet and the beneficiaries of XVS lending and the accounts ultimately liquidated for suspected price manipulation.

c. Transactions from SXP Ecosystem Wallet

It was observed that the "0x164…029 Binance wallet" received a large number of high-value SXP transfers, totaling over 120 million tokens.

These transfers originated from "BSC: Token Center." The transfers were initiated on the Binance chain, and all transfers came from wallet bnb1rcq2vzuzzvw5unqfkwylt5r5wxks73tck0sf4s, for example: txid B34…293.

On March 1, 2021, this wallet received 100,000 SXP from bnb1c8wmwh6yvv4w6v9df0yzt23w4r0wus5lqh58mj. Then on April 15, it received over 50 million SXP.

bnb1c8wmwh6yvv4w6v9df0yzt23w4r0wus5lqh58mj initially received 120 million tokens from the generated SXP address. Looking at the original SXP white paper, it outlines the distribution of tokens as follows:

SXP original white paper token distribution

Thus, wallet *8mj is the ecosystem reserve wallet of the Swipe team.

Therefore, connecting all the dots; the final question, which I cannot find a logical explanation/answer for, is: considering the Cannon event occurred on January 14, 2021, why did the Swipe team transfer funds from the ecosystem reserve on April 15 to the same Binance deposit address that was transferred to the Cannon entity? I have searched for any reasonable explanation here, and apart from concluding that all these events were a meticulously planned internal operation to enrich the project team, I cannot draw any conclusions.

Ultimately, the community users' funds are the ones that suffer losses, not the protocol's funds, with approximately 2000 BTC and 10,000 ETH lost so far.

Earlier today, the Venus team made the following update:

The first proposal of VGP will be to address the systemic shortfall of BTC and ETH.

If the information I have recorded is correct, then the first proposal is to transfer XVS from the treasury in exchange for the ETH and BTC that the team already possesses—no doubt at a discounted price.

I can no longer remain silent; I urge CZ to intervene immediately, investigate, and confirm my findings, and clear this corrupt team.

Supplement 1:

0x0c1e306d12c55d92f0c56e19ee86bbabb71642024d2bdec7a301dea6452973e1 is one of several transaction addresses where wallet 0xef…7bf sold a large amount of VAI tokens at a price below the peg. Many in the community have complained about the lack of pegging, which seems to also be attributed to insiders.

There is also another wallet that owes the protocol over 5800 ETH, which withdrew the last 1400 ETH 15 seconds before the liquidation began. I did not find a direct connection between this account and others, but I find it hard to believe that, given the timing and amount of XVS transfers, it was not involved in some way compared to other accounts.

Supplement 2:

After this article was published, the Venus team reached out to me to discuss this article and attempted to clarify my misunderstandings. However, several questions I raised still remain, and I was told that the Venus team would provide me with updates on the questions asked at the appropriate time, and if there are any new developments, the article will be updated/clarified as necessary.