en
Back to the list

Venus Protocol Exploited

source-logo  usethebitcoin.com 16 March 2026 15:13, UTC
image

Key Takeaways

  • Attackers used a two-phase manipulation of THE tokens to bypass protocol limits.
  • Venus Protocol immediately paused all THE and $CAKE borrows to prevent further asset drainage.
  • The THE token plummeted over 17% following the news of the $3.7 million loss.

The Anatomy of a Supply Cap Exploit

Venus Protocol, a decentralized cornerstone of the $BNB Chain, faced a sophisticated $3.7 million breach this Sunday. The attacker targeted the liquidity pools of the Thena (THE) token using a calculated strategy. According to Allez Labs, the protocol’s risk manager, the threat actor first accumulated roughly 84% of the total THE market cap.

🔒 Follow-up Update

As we continue to investigate the unusual activity in the $THE pool, we are taking precautionary action by pausing all $THE borrows and withdrawals effective immediately, to prevent any further misuse.

This will remain in effect until the investigation is…

— Venus Protocol (@VenusProtocol) March 15, 2026

This allowed them to manipulate the token’s valuation and collateral status before launching a lending attack. By using THE as inflated collateral, the exploiter bypassed supply caps to borrow 20 Bitcoin, 2,801 $BNB, and millions in $CAKE and USDC.

🚨 We have identified unusual activity involving the $THE pool and are actively investigating.

At this time, only the $THE and $CAKE markets appear to be affected.

We will share updates as our investigation progresses. We appreciate your patience and support.

— Venus Protocol (@VenusProtocol) March 15, 2026

In a rapid response, the Venus team suspended all withdrawals and borrowing for affected pools. This “digital circuit breaker” was intended to ring-fence the damage while the investigation continued.

🚨 Earlier today, Venus Protocol's Core Pool on BNBChain was targeted by a supply cap manipulation attack.$THE asset borrows & withdrawals have been paused. In an abundance of caution, markets with high liquidity concentration have also been paused: $BCH, $LTC, $UNI, $AAVE,…

— Allez Labs (@AllezLabs) March 15, 2026

While the protocol remains functional for major assets, the incident has reignited debates regarding the risks of using low-liquidity tokens as collateral in decentralized lending environments.

On-chain data shows Venus Protocol was suspected to suffer a flash-loan attack. The attacker address 0x1a35…6231 obtained about 20 $BTC, 1.5 million $CAKE, and 200 $BNB, totaling over $3.7 million, after using a large amount of THE as collateral on Venus to borrow $CAKE, BTCB, and… pic.twitter.com/qnyISI5pp5

— Wu Blockchain (@WuBlockchain) March 15, 2026

Monthly crypto losses from hacks fall in February, as attackers pivot to social engineering scams

Even with the headlines about the Venus attack, crypto security in early 2026 is actually seeing a strange lull. According to PeckShield, hack losses hit a nearly one-year low in February, dropping to just about $26.5 million.

#PeckShieldAlert In Feb. 2026, the crypto space saw 15 main hacks totaling $26.5M, representing a 98.2% YoY decrease compared to Feb. 2025 ($1.5B, including the $1.4B #Bybit drain) and a notable 69.2% MoM decrease from Jan. 2026 ($86.01M in losses).#Top5 Hacks :… pic.twitter.com/Svp7SZWp5w

— PeckShieldAlert (@PeckShieldAlert) March 1, 2026

But experts aren’t celebrating yet. It’s not that the bad actors have gone away; they’ve just stopped banging on the ‘digital front door’ of smart contracts. Instead, they’re going after the people behind the wallets. Between address poisoning and high-tech phishing, scammers are finding it’s much easier to trick a person with a fake site than it is to break a piece of code.

Final Thoughts

The Venus Protocol incident proves that even as total industry hack volumes decline, individual code exploits are becoming more surgical. Diversifying collateral and setting strict supply caps remains the best defense for DeFi protocols.

Frequently Asked Questions

What is a supply cap attack?
It occurs when an attacker manipulates an asset’s price to borrow more than the protocol’s intended limit.

Was the Venus Protocol hack recovered?
Currently, the $3.7 million in funds remains with the attacker as the investigation is ongoing.

Is my $BNB safe on Venus?
Venus has paused THE and $CAKE pools specifically, though users are advised to monitor official announcements for other tokens.

usethebitcoin.com