A sophisticated exploit recently targeted Venus Protocol, a leading lending platform on BNB Chain, resulting in a loss of approximately $3.6 million. Attackers meticulously manipulated token liquidity and abused flash loan mechanics to execute this multi-stage attack, raising significant concerns about on-chain security and tokenomics.
How the Exploit Unfolded
The attackers executed a months-long strategy, beginning with the accumulation of roughly 14.5 million THE tokens, which accounted for about 84% of the token's circulating supply. These tokens were then transferred into Venus Protocol's lending system, bypassing standard deposit flows to establish an artificial position that vastly exceeded THE's real circulating supply. The core of the exploit relied on THE's thin on-chain liquidity: the attacker repeatedly deposited THE as collateral, borrowed other assets, and used the borrowed funds to purchase more THE. Each cycle artificially inflated the token's oracle price, creating a false perception of demand and increasing the collateral's perceived value. This iterative process allowed the attacker to progressively increase their borrow size, eventually pushing the system beyond its limits and draining assets. The stolen funds amounted to around $3.6 million, including PancakeSwap tokens, BNB, WBNB, USD Coin, and Bitcoin BEP2.
Protocol's Immediate Response
In response to the security breach, the Venus Protocol team swiftly suspended the THE market to prevent further manipulation. Additionally, they introduced a revised risk framework with significantly tighter collateral requirements for several assets deemed high-risk. This new framework mandates stricter standards for tokens used as collateral, focusing on factors like market capitalization, trading volume, and supply distribution to mitigate exposure to assets with weak liquidity or concentrated ownership. Six assets, namely Bitcoin Cash (BCH), Litecoin (LTC), Uniswap (UNI), Aave (AAVE), Filecoin (FIL), and Trust Wallet Token (TWT), were immediately flagged under these updated criteria, a proactive step to enhance platform security.
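To make the risk-framework criteria above concrete, here is an added example (not Venus Protocol's own code) of the three checks a lending market can apply to a collateral asset: admission criteria on market capitalization, trading volume and supply concentration; a cap on how much of a token's circulating supply the protocol will accept as collateral, which is what bounds the deposit-borrow-buy loop described earlier; and a liquidity-aware valuation that credits collateral at what a liquidator could actually realize in a thin constant-product pool rather than at the spot oracle price. All class names, thresholds and sample figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class AssetMetrics:
    symbol: str
    circulating_supply: float   # tokens in circulation
    price_usd: float            # current oracle (spot) price
    daily_volume_usd: float     # on-chain trading volume over the last 24h
    top_holder_share: float     # fraction of circulating supply held by the largest address

@dataclass
class RiskPolicy:
    min_market_cap_usd: float
    min_daily_volume_usd: float
    max_top_holder_share: float
    max_protocol_supply_share: float  # cap on (supplied as collateral) / (circulating supply)

def collateral_flags(m: AssetMetrics, p: RiskPolicy) -> list:
    """Criteria the asset fails; an empty list means it is admissible as collateral."""
    flags = []
    if m.circulating_supply * m.price_usd < p.min_market_cap_usd:
        flags.append("market_cap")
    if m.daily_volume_usd < p.min_daily_volume_usd:
        flags.append("volume")
    if m.top_holder_share > p.max_top_holder_share:
        flags.append("supply_concentration")
    return flags

def deposit_allowed(m: AssetMetrics, p: RiskPolicy, supplied: float, deposit: float) -> bool:
    """Reject a deposit that would push the protocol's share of circulating supply over the cap."""
    return (supplied + deposit) / m.circulating_supply <= p.max_protocol_supply_share

def realizable_value_usd(tokens: float, reserve_tokens: float, reserve_usd: float) -> float:
    """USD a liquidator could actually obtain by selling `tokens` into a constant-product
    pool with the given reserves (fees ignored). For a thin pool this is far below
    spot price * tokens, which is what a naive spot-oracle valuation would credit."""
    return reserve_usd * tokens / (reserve_tokens + tokens)

# Constructed sample figures, not real market data for THE or any other token.
THIN_TOKEN = AssetMetrics("TKN", 17_300_000, 0.25, 40_000, 0.84)
POLICY = RiskPolicy(min_market_cap_usd=50_000_000, min_daily_volume_usd=1_000_000,
                    max_top_holder_share=0.30, max_protocol_supply_share=0.20)

if __name__ == "__main__":
    print(collateral_flags(THIN_TOKEN, POLICY))                 # ['market_cap', 'volume', 'supply_concentration']
    print(deposit_allowed(THIN_TOKEN, POLICY, 0, 14_500_000))   # False: 84% of supply exceeds the 20% cap
    print(realizable_value_usd(14_500_000, 1_000_000, 250_000)) # ~233871, versus 3,625,000 at spot
```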