TLDR
- A malicious actor exploited Venus Protocol on BNB Chain by manipulating THE token prices, extracting more than $3.7 million in digital assets.
- The perpetrator employed a “donation attack” technique, directly transferring tokens to the smart contract to circumvent the platform’s supply limitations.
- Inflated THE tokens served as collateral for borrowing CAKE tokens, USDC, BNB, and Bitcoin from the protocol.
- Venus Protocol suspended all THE token borrowing and withdrawal operations during its investigation, with approximately $2.15 million in bad debt remaining.
- The vulnerability exploited was previously identified in a Venus security audit for Compound-based lending platforms but was not addressed by the development team.
On Sunday, Venus Protocol, the premier lending platform operating on BNB Chain, fell victim to a sophisticated price manipulation scheme targeting Thena’s THE token.
The perpetrator artificially inflated THE’s market price from approximately $0.27 to nearly $5 by taking advantage of limited on-chain liquidity. Their strategy involved depositing THE as collateral, borrowing alternative assets, purchasing additional THE with those borrowed funds, and repeating this process as Venus’s price oracle adjusted to the artificially elevated valuation.
The exploiter circumvented Venus’s supply cap restrictions on THE through a donation attack strategy. This involved sending THE tokens directly into the vTHE smart contract, avoiding the standard deposit mechanism. This tactic inflated the exchange rate recognized by the protocol, effectively nullifying the supply cap controls.
Leveraging the artificially inflated THE collateral, the attacker successfully borrowed 6.67 million CAKE tokens, 1.58 million USDC, 2,801 BNB, and 20 Bitcoin from the platform.
According to Wu Blockchain, total losses from the exploit exceed $3.7 million. Blockchain analyst EmberCN calculated the bad debt at approximately $2.15 million, consisting of 1.18 million CAKE tokens and 1.84 million THE tokens.
The wallet address used in the attack received its initial funding of 7,400 ETH from Tornado Cash, a cryptocurrency mixing service designed to obscure transaction origins.
Venus Protocol announced on X that it detected “unusual activity” within the THE pool and immediately suspended all THE borrowing and withdrawal functions as a security measure while conducting a thorough investigation.
The Attacker May Have Lost Money
The exploitation attempt did not unfold as the attacker intended. Following the first borrowing cycle, Venus’s time-weighted average price oracle had only adjusted THE’s valuation to approximately $0.50, significantly below the artificially pumped market price.
Undeterred, the attacker persisted, continuing to purchase THE tokens using borrowed assets. However, overwhelming selling pressure countered these efforts. The attacker’s health factor plummeted close to 1, initiating liquidation procedures.
THE tokens were sold into an order book with virtually no liquidity depth. The price crashed to approximately $0.24, falling below its pre-attack valuation. On-chain security researcher Weilin Li, who initially discovered the attack, suggested the attacker likely generated minimal on-chain profit and potentially suffered net losses.
A History of Bad Debt at Venus
This incident marks another chapter in Venus Protocol’s troubled history with price manipulation exploits. A 2021 manipulation of the protocol’s native XVS token resulted in over $95 million in bad debt.
The platform accumulated $14 million in bad debt during the Terra/LUNA collapse in 2022. More recently, a donation attack on Venus’s ZKSync deployment in February 2025 generated over $700,000 in bad debt using mechanics nearly identical to Sunday’s exploitation.
The donation attack methodology utilized in this breach represents a documented vulnerability affecting Compound-forked lending protocols. This specific weakness had been identified in Venus’s Code4rena security audit, though the development team challenged and dismissed the finding during the audit process.
As of publication time, THE was trading at $0.2255, representing a decline of more than 17% over the previous 24 hours.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
