Venus Protocol hack triggers $3.7 million loss after THE token manipulation on BNB Chain

A new exploit on a leading BNB Chain lending market has reignited concerns over DeFi risk management, with the latest venus protocol hack again linked to oracle and liquidity weaknesses.

How the THE price manipulation unfolded on Venus

On Sunday, Venus Protocol, the dominant lending platform on BNB Chain, was hit by a sophisticated price manipulation attack centered on THE, the native token of Thena. The incident, which targeted a specific asset market, exposed structural weaknesses in collateral onboarding and liquidity assumptions.

The attacker exploited thin on-chain liquidity to push THE‘s price from about $0.27 to nearly $5. Their strategy relied on repeatedly depositing the token as collateral, borrowing other assets, buying more THE with the borrowed funds, and looping this process. Moreover, Venus’s price oracle continued to track the artificially inflated market value during these cycles.

To bypass Venus’s supply cap on THE, the perpetrator used a donation attack technique. Instead of using the standard deposit function, they transferred tokens directly into the vTHE smart contract. This flow distorted the protocol’s internal exchange rate, effectively neutralizing the intended supply limitations and allowing outsized collateral creation.

Using the inflated collateral, the exploiter drained multiple assets from the protocol. They withdrew 6.67 million CAKE, 1.58 million USDC, 2,801 BNB, and 20 Bitcoin in a short window, converting the manipulated valuation of THE into real value across several liquid tokens.

Loss estimates, bad debt and emergency response

Total damages from the attack exceed $3.7 million, according to reporting from Wu Blockchain. However, not all of this loss remains as open exposure. Independent on-chain analyst EmberCN estimated that roughly $2.15 million persists as bad debt on Venus, composed of about 1.18 million CAKE and 1.84 million THE that are no longer adequately collateralized.

The wallet address behind the operation was initially funded with 7,400 ETH via Tornado Cash, the privacy-focused cryptocurrency mixer. That said, the use of such tooling is common in complex exploits and makes attribution and recovery efforts more challenging for investigators and affected protocols.

In response, Venus Protocol announced on X that it had detected “unusual activity” in the THE liquidity pool. The team swiftly froze all borrowing and withdrawal functions related to THE, framing the decision as an emergency safeguard while an internal and external security review is conducted.

The attacker’s trade-offs and potential net loss

The exploitation process did not play out exactly as the attacker likely intended. Following the first borrowing loop, Venus’s time-weighted average price oracle only adjusted THE‘s valuation to around $0.50, far below the nearly $5 level seen in spot trading. This reduced the effective collateral value inside the protocol.

Nonetheless, the attacker continued acquiring THE using borrowed capital, attempting to maintain the elevated price and maximize borrowing capacity. However, sustained selling pressure overwhelmed the shallow orderbook. The account’s health factor edged toward 1, triggering liquidations and forcing the sale of collateral into a rapidly falling market.

The unwind happened in a market with almost no depth. THE collapsed to roughly $0.24, which was even lower than its pre-attack price near $0.27. On-chain security researcher Weilin Li, who first flagged the incident publicly, argued that the attacker likely realized only limited on-chain profit and may ultimately have booked a net loss.

As of publication, THE traded near $0.2255, marking a drop of more than 17% over the last 24 hours. Moreover, the sharp reversal underscores how extreme volatility in illiquid assets can reverse the economics of what initially appears to be a lucrative manipulation.

A pattern of bad debt incidents at Venus

This latest Venus Protocol incident adds to a history of losses tied to market manipulation and collateral design. In 2021, a scheme involving the platform’s native XVS token generated more than $95 million in bad debt, leaving the protocol and its community with a significant hole to address.

Then, during the Terra/LUNA collapse in 2022, Venus absorbed approximately $14 million in uncollateralized exposure. That said, those losses were driven by systemic market failure rather than direct exploitation, highlighting a different but related dimension of risk in multi-asset lending platforms.

More recently, in February 2025, a similar donation-based exploit struck Venus’s ZKSync deployment. Attackers used almost identical mechanics to Sunday’s incident to create over $700,000 in bad debt. The repetition of this pattern across environments has intensified scrutiny of how the protocol handles collateral onboarding and edge-case behaviors.

Compound-based design risks and ignored warnings

The core vulnerability used here is not unique to Venus Protocol. The donation-style exploit represents a known design weakness in Compound-forked lending systems, where direct token transfers to interest-bearing markets can distort the accounting that underpins collateral valuation and the supply cap logic.

Importantly, Venus’s Code4rena security review had already flagged this category of risk. However, the development team reportedly questioned the severity of the finding at the time, opting not to deploy a full mitigation. The recurrence of an almost identical attack now puts that decision under renewed criticism from security researchers and users.

For DeFi markets on BNB Chain and beyond, the latest venus protocol hack reinforces how known theoretical issues can translate into real losses if left unaddressed. Going forward, tighter controls around collateral liquidity, oracle sources and donation-style transfers will likely be central to restoring confidence.

In summary, the attack on Venus involving THE combined price manipulation, oracle reliance and a donation vector to generate more than $3.7 million in damage, while again exposing long-standing structural risks in Compound-based lending protocols.