Venus Protocol on the BNB Chain suffered a suspected flash-loan attack targeting its Core Pool, resulting in losses of more than $3.7 million. The attacker borrowed around 20 BTC, 1.5 million CAKE, and about 200 BNB using THE tokens, prompting the protocol to pause borrowing and withdrawals of THE while investigators review suspicious activity in the lending pool. On-chain data indicate the attacker manipulated supply caps via the Thena (THE) token, enabling the borrowing of multiple assets. The exploit involved an address starting with 0x1a35…6231.
The strategy began months earlier, as the attacker slowly accumulated around 84% of THE’s supply cap (14.5 million tokens) over nine months starting in June 2025. The real attack occurred when the attacker bypassed the normal deposit flow by directly transferring tokens to the protocol contract, allowing a 53.2 million THE collateral position—nearly 3.7 times the allowed limit. With this inflated collateral, the attacker borrowed large amounts of assets, including around 20 BTC, about 1.5 million CAKE, nearly 200 BNB, and 1.58 million USDC. To maximize the impact, the attacker followed a loop: deposit THE, borrow assets, buy more THE, and wait for the TWAP oracle price update to increase the collateral valuation, driving THE’s price from roughly $0.263 to about $0.563 before the market collapsed to around $0.22 during liquidation.
Venus Protocol responded by pausing THE borrowing and withdrawals and by restricting markets with high liquidity concentration, including BCH, LTC, UNI, AAVE, FIL, and TWT, while other markets remained operational and unaffected during the investigation. The team said a detailed report will be released after the full exploit analysis is completed.
Leave a Reply