In a recent cyberattack, Venus Protocol suffered a loss of over $3.7 million after a flash loan attack manipulated THE token’s collateral value. As a decentralized platform on the $BNB Chain, Venus Protocol allows users to lend and borrow digital assets, but this incident highlighted vulnerabilities linked to lower-liquidity tokens.
How Was The Collateral Exploited?
The breach targeted the Core Pool of Venus Protocol by taking advantage of THE token’s use as collateral. The perpetrator accumulated approximately 84% of THE’s supply over time, positioning themselves to exploit the protocol. By depositing directly to the vTHE contract and avoiding supply limit checks, the attacker inflated their collateral holdings substantially.
This strategy resulted in a ballooned collateral position of 53.2 million THE tokens, far exceeding Venus Protocol’s limits. The attacker then cyclically borrowed assets like BTC, $CAKE, $BNB, and USDC, purchasing more THE and further manipulating collateral value through the TWAP oracle’s adjustments.
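The cap bypass described above, as an added example that is not part of the original article and is not Venus Protocol code: a toy Python model of a market whose supply cap is enforced only in `mint()`, beside a hardened variant that values collateral from internally tracked deposits, plus two monitoring invariants. The class, the function names and every number are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Market:
    """Toy collateral market (constructed model, not Venus Protocol code)."""
    supply_cap: int
    internal_accounting: bool = False  # hardened variant when True
    tracked: int = 0   # underlying recorded through mint()
    balance: int = 0   # raw token balance held at the market's address

    def mint(self, amount: int) -> None:
        # The supply cap is enforced only on this entry point.
        if self.valued_supply() + amount > self.supply_cap:
            raise ValueError("supply cap exceeded")
        self.tracked += amount
        self.balance += amount

    def direct_transfer(self, amount: int) -> None:
        # A plain token transfer to the market address: no market code runs,
        # so no cap check can fire.
        self.balance += amount

    def valued_supply(self) -> int:
        # Weak variant trusts the raw balance; hardened variant counts only
        # what came in through mint().
        return self.tracked if self.internal_accounting else self.balance

def cap_breach(m: Market) -> int:
    """Monitoring invariant: units of valued supply above the cap."""
    return max(0, m.valued_supply() - m.supply_cap)

def untracked(m: Market) -> int:
    """Tokens that reached the market outside mint(); alert when > 0."""
    return m.balance - m.tracked

def scenario(internal_accounting: bool) -> Market:
    m = Market(supply_cap=1_000, internal_accounting=internal_accounting)
    m.mint(800)               # normal deposit, under the cap
    m.direct_transfer(4_000)  # constructed out-of-band deposit
    return m

if __name__ == "__main__":
    for hardened in (False, True):
        m = scenario(hardened)
        print(hardened, m.valued_supply(), cap_breach(m), untracked(m))
```

In the weak variant the valued supply ends far above the cap even though every `mint()` call passed its check; in the hardened variant the cap holds, and `untracked()` still surfaces the out-of-band transfer as a signal worth alerting on.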
What Are The Protocol’s Defensive Actions?
Amid the attack, THE’s price surged from $0.263 to $0.563 before collapsing to $0.22, significantly impacting the protocol. Similar attacks have been carried out in the DeFi realm where low-liquidity tokens face oracle manipulation.
In response, Venus Protocol has temporarily frozen six high-risk markets, aiming to protect assets from future exploits. The platform also suspended THE-related borrowing and withdrawals, ensuring other operations remain unaffected.
The team believes the attacker may have utilized Tornado Cash for funding, complicating detection efforts. To strengthen their defenses, Venus Protocol is updating collateral guidelines and reviewing oracle security mechanisms, as the incident created $1.7 to $2.15 million in estimated bad debt, primarily in the $CAKE market.
Key findings confirmed the attack was isolated to particular assets, such as THE and $CAKE, without endangering the platform’s broader stability. Security professionals point out the persistent risk associated with low-liquidity assets, highlighting the need for stringent smart contract verification.
Ongoing analysis by Venus Protocol underscores the dynamic challenges DeFi protocols face against innovative exploit tactics and shifting market landscapes, necessitating constant evolution of security measures.
“The complexities of this attack emphasize the need for more robust risk management and security strategies to protect decentralized financial platforms,” noted a Venus Protocol spokesperson.
Users can expect continuous updates as deeper investigations unfold, reflecting the ongoing adaptation required to combat similar threats in the future.