Attack on VeleroDAO: What’s happened

December 10, 2022
Ecosystem Updates , Stablecoin

Describing what’s happened: Hacker used governance portal, in one contract he created a proposal that probably changes the oracle that provides BUSD price. In 1 transaction he proposed the proposal and voted for it, minted USDV and draining pools on wagyu. It’s done in 1 contract, same block and only 1 transaction.

We can’t check the changes, but it seems that he voted for changing oracle, that provides price for BUSD.

Minimum amount for participating and voting is 30.000 VDGT so he possibly made a proposal and voted for it.

At the moment we contacted Crystal, AMLBot and HAPI, address has been marked We also contacted Uniswap, maybe they can help us somehow.. Hopefully, there some funds left on Kucoin but we need to wait to get information about it.

Also we’re working on solution for buying back current vaults, all of them are in safe.

Those who held and bought USDV — after we will understand more details regarding hacker and other amount of drained money — we will apply buyback mechanism.

As we see, ±350.000k USD in total were drained from Velas Blockchain.

Explainer step by step:

#1 sending VDGT tokens (30k) to the address of the contract with the exploit

calling the vote method (votes 30k VDGT) from DsChief for accepting changes in the system (

#3 Sending BUSD (105) tokens to the address of the exploit contract

sending BUSD tokens (100) to unknown contract (0xc0845342A37fdf55eb13D0cF64e6AA43b2488E8c)


Deposit 100 BUSD to the contract address JOIN_BUSD (0x4368d9F91C40EA8Ac9F11A4f9289889f56D32Df8), for further generation of USDV tokens

#6 USDV token generation

#7 Exchange on wagyu for USDV -> BUSD

#8 Exchange on wagyu USDV -> WBTC

#9 Exchange on wagyu USDV -> DAI

#10 Exchange on wagyu USDV -> ETH

#11 Exchange on wagyu USDV -> VLX

#12 send 500,000,000,000 USDV to the address from which the transaction that triggered the exploit was sent (0xA10B21aFC713B600C52E75723Ddd53dE26900dA1)

It’s all within one transaction:


5 WBTC —

2.0161 WBTC —

35000 DAI —

82914 BUSD —

0.436739577823117734 ETH —

Link for our oracle —

Adress which is suspected and marked :

Current address that holds part of the stolen money:

Go to Source

Hey, like this? Why not share it with a buddy?

Leave a Reply