A sophisticated flash loan attack on Venus Protocol led to losses exceeding $3.7 million after an attacker manipulated the value of THE token collateral to extract high-valued assets. Venus Protocol operates as a decentralized lending and borrowing platform on the BNB Chain, allowing users to deposit various digital assets and earn yields or obtain loans. The attack exposed underlying vulnerabilities in collateral management for lower-liquidity tokens.
Attack Dynamics And Collateral Manipulation
The exploit targeted Venus Protocol's Core Pool and relied on the protocol's acceptance of THE token as collateral. The attacker had accumulated around 84 percent of THE's supply over an extended period, quietly building a dominant position. Instead of depositing through the normal path, the attacker transferred tokens directly to the vTHE contract, bypassing the internal safeguards that enforce supply limits.
This maneuver pushed the collateral position to 53.2 million THE tokens, exceeding the protocol's cap by a factor of nearly four. To amplify the impact, the attacker cycled through three steps: depositing THE, using the inflated value to borrow assets such as BTC, CAKE, BNB, and USDC, and buying more THE with the borrowed assets. Each cycle allowed the time-weighted average price (TWAP) oracle to adjust, further inflating the perceived collateral value.
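The cap bypass described above can be modelled in a few lines. This Python sketch is an added illustration, not Venus Protocol code: it assumes a market that checks the supply cap only in its deposit (`mint`) path and values collateral from its live token balance, and every name and number in it is constructed.

```python
# Added illustration: a toy lending market, not Venus Protocol code.
# Assumption: the cap is checked only in mint(), and collateral value follows
# the market's live token balance. All numbers are constructed.
from dataclasses import dataclass

@dataclass
class Market:
    supply_cap: int
    track_internal_cash: bool  # hardened mode: ignore unsolicited transfers
    token_balance: int = 0     # balance the token contract reports for the market
    internal_cash: int = 0     # underlying the market itself recorded in mint()
    shares: int = 0            # vToken-style receipts outstanding

    def cash(self) -> int:
        return self.internal_cash if self.track_internal_cash else self.token_balance

    def exchange_rate(self) -> float:
        return self.cash() / self.shares if self.shares else 1.0

    def mint(self, amount: int) -> None:
        # The only place the supply cap is enforced.
        if self.cash() + amount > self.supply_cap:
            raise ValueError("supply cap exceeded")
        self.shares += int(amount / self.exchange_rate())
        self.token_balance += amount
        self.internal_cash += amount

    def direct_transfer(self, amount: int) -> None:
        # Plain token transfer to the market address: no market code runs,
        # so no cap check happens.
        self.token_balance += amount

    def counted_collateral(self) -> float:
        # Underlying credited to share holders when positions are valued.
        return self.shares * self.exchange_rate()

def cap_utilisation(m: Market) -> float:
    """Monitoring check: a value above 1.0 means counted collateral exceeds the cap."""
    return m.counted_collateral() / m.supply_cap

def simulate(track_internal_cash: bool) -> float:
    m = Market(supply_cap=100, track_internal_cash=track_internal_cash)
    m.mint(90)              # within the cap, accepted
    m.direct_transfer(270)  # never passes through mint()
    return cap_utilisation(m)

if __name__ == "__main__":
    print("balance-based accounting:", simulate(False))  # cap exceeded
    print("internal cash accounting:", simulate(True))   # stays under the cap
```

With balance-based accounting the counted collateral lands well above the cap even though every `mint` call passed its check; recording deposits internally, or alerting when `cap_utilisation` rises above 1.0, closes or surfaces that gap.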
Market Reaction And Immediate Security Steps
As the exploit progressed, THE token's price soared from $0.263 to $0.563 before sharp liquidations brought it down to $0.22. This price volatility severely stressed the protocol, leading to forced liquidation of assets and the significant loss event. Similar attack patterns have been noted in the decentralized finance sector, particularly with tokens that have limited market depth and are subject to manipulation via oracles.
Venus Protocol responded by freezing six high-risk markets, including BCH, LTC, UNI, AAVE, FIL, and TWT, in an effort to shield remaining assets from additional incidents. Borrowing and withdrawals related to THE token were halted, although other platform markets continued operating without interruption.
The protocol team indicated the suspicious wallet may have used Tornado Cash to fund the attack, complicating traceability. In response, Venus Protocol has strengthened collateral rules and is conducting a comprehensive review of oracle mechanisms to help prevent similar exploits. The incident left an estimated bad debt of between $1.7 million and $2.15 million, with the largest portion stemming from the CAKE market.
Further analysis confirmed the disruption was restricted to specific asset markets—primarily THE and CAKE—without broader contagion risk for the platform. Security experts monitoring the situation emphasized the heightened risk when lending or borrowing assets with constrained liquidity, underscoring the importance of rigorous safeguards and smart contract checks.
Venus Protocol continues to update its users as investigations progress. The case highlights ongoing challenges facing DeFi protocols when evolving market conditions and creative attack strategies outpace current risk models and technical controls.




