Venus Protocol, an online lending platform that runs on BNB Chain suffered from a new exploit. Attackers manipulated token liquidity in order to take advantage of flash loans.
It cost about $3.6 million, and the protocol was forced to limit trading of several assets.
What happened?
Analysis of the incident shows that it had been ongoing for several months. The attacker had spent the time accumulating native tokens of Thena.
In total, roughly 14.5 million THE—about 84% of the token’s circulating supply—was purchased from the open market.
The attacker transferred tokens from the system to be lent. Venus ProtocolThis allows the attacker to build an artificial position far exceeding actual circulating supply. The attacker could then build a fake position which was far greater than the tokens’ actual circulation supply.
The records show that by the end of the cycle, the total amount spent on the assets was 53.2 millions THE. This is approximately 367% more than their actual supply.
This strategy was based on tokens’ thin liquidity on chain. The attacker used collateral to borrow other assets and then use those funds for more THE.
The oracle token price rose with each cycle, giving the impression of a rising market and increasing the collateral’s value.
Each time the attacker made a loop, he increased the size of the loan and finally drove the system past its limits.
The theft of $3.6 million was the result. Included in the stolen money were 6.67 millions PancakeSwap, 2,801 BNBThe WBNB is 1.58 million, or 1.97 thousand USD CoinThere are 20 Bitcoin BEP2.
Protocol Response
The team that created the website has responded. Venus Protocol “Suspension of the THE Market and tightened collateral requirements for various assets considered to be high risk.”
The revised framework has raised the thresholds for collateral and limited exposure to tokens which have low liquidity or concentrated ownership.
The new requirements require that tokens being used as collateral meet more stringent standards in terms of market capitalization (market value), trading volume and supply distribution.
The updated criteria flagged six assets, including Bitcoin Cash [BCH], Litecoin [LTC], Uniswap [UNI], Aave [AAVE], Filecoin [FIL]” Trust Wallet Token [TWT].
This is not the only security breach
It was, however not the first time that the protocol had been involved in a security incident.
Venus Protocol, in September 2025 reported losses of approximately $27,000,000 after a hacking attack compromised its pool controller.
An attacker used a malicious address to manipulate the system. The exploit provided access to iTokens like vUSDC, vETH and other assets.
The platform’s total value locked stayed relatively constant.
TVL has been holding close to $1.47 billion for the past few days. There was no obvious decline in value after this latest success.
Final summary
- Venus Protocol has suffered an exploit of $3.6M after attackers mismanaged the liquidity of THE tokens and misused flash loan mechanisms.
- Before initiating this exploit, the attacker had accumulated 14,5M THE (84%) of the circulating supply.
“This article is not financial advice.”
“Always do your own research before making any type of investment.”
“ItsDailyCrypto is not responsible for any activities you perform outside ItsDailyCrypto.”
Source: ambcrypto.com
