crypto-news-flash.com
- Venus exploit on $BNB Chain let an attacker use $THE as inflated collateral and leave the protocol with about $3.7M in bad debt.
- $THE surged from $0.27 to nearly $5 during the Venus exploit, then fell to about $0.24 after liquidation hit the market.
Venus Protocol has confirmed a security incident involving the $THE market on $BNB Chain, in which an attacker manipulated the token’s collateral value and extracted approximately $3.7 million in digital assets. The operation impacted the Venus Core lending market, but Venus Flux operated as usual.
Blockchain data showed the attacker spent about nine months accumulating large amounts of the $THE token. This strategy allowed the address to control a dominant share of the token supplied to the lending market while remaining within the platform’s operating rules during the accumulation phase.
The Venus Protocol exploit resulted from a gap in the enforcement of the supply cap in the protocol code. The attacker transferred $THE tokens directly to the protocol contract, exceeding the intended 14.5 million-token supply limit on the market.
On the $THE market incident: here's what happened and what we're doing about it.
The attacker spent 9 months slowly accumulating $THE to build a dominant supply position. They then bypassed our supply cap by directly transferring tokens to the protocol contract. This is a gap in…
— Venus Protocol (@VenusProtocol) March 16, 2026
The attacker then began manipulating the token’s price through a recursive borrowing strategy after establishing the oversized collateral position. Blockchain investigators tracked the attacker’s wallet, which received approximately 7,400 Ethereum from Tornado Cash before initiating the exploit.
Venus Exploit: Recursive Borrowing Loop Inflated Collateral Value
The Venus exploit gave the attacker a way to sharply inflate the collateral value. The wallet borrowed money, invested it in purchasing additional $THE, and drove the token price up as market activity increased.
Each new transaction cycle increased borrowing capacity as the collateral’s value rose with the token’s price. The attacker did this a few times, borrowing even more as the collateral’s value kept rising.
On-chain data shows that the token price rose from $0.27 to almost $5 while the manipulation was underway before it was liquidated. The token price dropped to about $0.24 after the position closed.
The collapse left the lending protocol with bad debt linked to the borrowed assets. Records show the attacker borrowed roughly 20 BTCB, 1.5 million CAKE tokens, and about 200 $BNB before the liquidation event.
Protective actions followed immediately after the activity appeared on-chain. The protocol paused the $THE market and reduced the token’s collateral factor to zero to prevent any more borrowing.
Additional precautionary controls targeted other markets with similar liquidity profiles. Collateral factors for Bitcoin Cash (BCH), Litecoin (LTC), Uniswap (UNI), Aave (AAVE), Filecoin (FIL), Trust Wallet Token (TWT) and lisUSD were also reduced to zero.