📝 Incident Overview: Venus Protocol Flash Loan Attack



On March 14, 2026, the Venus Protocol lending platform on the BNB Chain was hit by a sophisticated flash loan attack, resulting in the loss of over $3.7 million in various crypto assets. The attack specifically targeted the platform's integration with the low-liquidity token THENA (THE), leading to its price crashing by more than 17% in 24 hours.

The attacker, identified by the address 0x1a35…6231, managed to walk away with approximately 20 BTCB (Bitcoin BEP2), 1.5 million CAKE tokens, and 200 BNB.

🕵️ How the Attack Was Executed

This was not a simple, one-step hack. It was a meticulously planned exploit that combined a long-term accumulation strategy with a complex, short-term price manipulation using flash loans. The attack can be broken down into two main phases:

1. The Long Game: Accumulating THE (June 2025 - March 2026)
· For nine months leading up to the attack, the exploiter slowly and quietly accumulated a massive position in THE tokens. They acquired about 84% of THE's supply cap on Venus, which amounted to roughly 14.5 million tokens.
· This long-term accumulation set the stage for the main exploit by ensuring they had a large base of the target token.
2. The Short Game: Flash Loan & Oracle Manipulation
· The Flash Loan: The attacker took out a massive flash loan (an uncollateralized loan that must be repaid within the same blockchain transaction) of a stablecoin like USDC.
· Inflating THE Price: They used these borrowed funds to buy a huge amount of THE on a decentralized exchange like PancakeSwap. Because THE had low liquidity, this buying spree artificially pumped its price from around $0.263 to nearly $0.563.
· Exploiting the Oracle: Venus Protocol relied on a TWAP (Time-Weighted Average Price) oracle to determine asset prices. The attacker's massive purchase manipulated the market price, and when the oracle updated, it reflected this artificially high price.
· Depositing Inflated Collateral: The attacker then bypassed normal deposit limits by transferring THE tokens directly to the protocol contract, creating a collateral position of 53.2 million THE, nearly 3.7 times the allowed limit.
· Borrowing Real Assets: With their collateral now valued at the inflated, oracle-fed price, the attacker borrowed significant amounts of real, high-value assets from Venus: BTCB, CAKE, and BNB.
· Repaying and Profiting: Finally, they sold some of the remaining THE to recoup funds, repaid the flash loan, and walked away with the borrowed assets as pure profit. Once the artificial buying pressure was gone, THE's price crashed back down to around $0.22, leaving Venus with worthless collateral.

⚠️ Immediate Aftermath and Protocol Response

Venus Protocol acted quickly to contain the damage and prevent further exploits:

· Paused Markets: They immediately paused all borrowing and withdrawals for THE, as well as for several other markets that showed high liquidity concentration (BCH, LTC, UNI, AAVE, FIL, and TWT).
· Reduced Risk: The Collateral Factor (CF) for these six markets, plus lisUSD, was reduced to zero. This measure targets markets where a single user holds a disproportionately large share of the supplied collateral, preventing them from being used for further borrowing.
· Ongoing Investigation: The team has stated that all other markets remain operational and unaffected. They have committed to releasing a detailed post-mortem report once their investigation is complete.
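
The warning signs in the attack phases and the collateral-factor response above can be expressed as a per-market risk check. This is an added example, not Venus code: the thresholds, field names, the "HEALTHY" market and the snapshot values are assumptions, with only the ratios and the two THE prices taken from the figures quoted in this post.

```python
from dataclasses import dataclass

# Thresholds are assumptions for illustration, not Venus risk parameters.
MAX_TOP_SUPPLIER_SHARE = 0.50  # largest account's share of the supply cap
MAX_PRICE_JUMP = 0.30          # oracle price rise versus a slower reference


@dataclass
class MarketSnapshot:
    symbol: str
    supply_cap: float       # cap enforced on the normal deposit path
    underlying_held: float  # tokens actually held by the market contract
    top_supplier: float     # amount supplied by the largest single account
    oracle_price: float     # price the protocol currently values collateral at
    reference_price: float  # slower-moving reference, e.g. a longer average


def assess(m: MarketSnapshot) -> list[str]:
    """Return the risk flags raised by one market snapshot."""
    flags = []
    # Direct transfers can push the real balance past a cap that is only
    # checked when users go through the deposit function.
    if m.underlying_held > m.supply_cap:
        flags.append("balance_over_cap")
    if m.supply_cap > 0 and m.top_supplier / m.supply_cap > MAX_TOP_SUPPLIER_SHARE:
        flags.append("supplier_concentration")
    if m.reference_price > 0 and m.oracle_price / m.reference_price - 1 > MAX_PRICE_JUMP:
        flags.append("price_jump")
    return flags


def safe_collateral_factor(m: MarketSnapshot, current_cf: float) -> float:
    """Drop the collateral factor to zero while any flag is raised."""
    return 0.0 if assess(m) else current_cf


# Constructed snapshots: ratios follow the post (one account at 84% of the cap,
# balance 3.7x the cap, price $0.263 -> $0.563); absolute sizes are made up.
SNAPSHOTS = [
    MarketSnapshot("THE", 10_000_000, 37_000_000, 8_400_000, 0.563, 0.263),
    MarketSnapshot("HEALTHY", 10_000_000, 6_000_000, 900_000, 1.02, 1.00),
]

if __name__ == "__main__":
    for snap in SNAPSHOTS:
        print(snap.symbol, assess(snap), safe_collateral_factor(snap, 0.6))
```

The concentration flag alone would have been raised during the nine-month accumulation phase, well before the price moved.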

This incident adds to Venus Protocol's history of security challenges, including a $95 million bad debt event in 2021 and losses related to the Terra/LUNA collapse and the BNB Chain bridge hack in 2022.
