An attacker extracted approximately $3.7 million from Venus Protocol on March 15 through a flash loan exploit that manipulated the platform’s collateral mechanism with low-liquidity THENA tokens.
The attacker deposited tens of millions of THE as collateral, borrowed Bitcoin, PancakeSwap’s CAKE token, and BNB, then withdrew the assets—leaving Venus with $2.15 million in bad debt and triggering a 17% price collapse in THE within 24 hours. The incident highlights how flash loans can enable rapid collateral manipulation in DeFi protocols with concentrated liquidity.
On-chain data indicates that the attacker leveraged tens of millions of THE tokens during the operation. Using this collateral on Venus, the attacker borrowed several assets, including Bitcoin via BTCB, PancakeSwap’s CAKE token, and BNB, before extracting approximately $3.7 million in digital assets.
Blockchain analysis suggests that the wallet address 0x1a35…6231 carried out the operation, draining around 20 BTC, 1.5 million CAKE tokens, and 200 BNB. The flash loan attack also left Venus Protocol with roughly $2.15 million in bad debt, according to early estimates.
The incident highlights the growing concern among DeFi developers and investors about how flash loan attack strategies can exploit liquidity imbalances and collateral mechanisms in lending protocols.
Despite the exploit, the broader cryptocurrency market remained relatively stable. The total crypto market capitalization hovered around $2.43 trillion, while DeFi-related tokens maintained a combined valuation near $60 billion. Meanwhile, Bitcoin traded above $71,500, and Ether held near $2,100, suggesting that the flash loan attack had a limited systemic impact beyond the affected assets.
On-chain investigators trace funding behind the flash loan attack
Further blockchain analysis indicates that the flash loan attack may have been premeditated and funded through complex channels.
Investigators discovered that a wallet connected to the exploit had previously received 7,400 ETH through Tornado Cash, a privacy tool often used to obscure transaction trails. Analysts believe the funds were later used to orchestrate the collateral manipulation that triggered the liquidation cascade.
By injecting large amounts of THE tokens as collateral and borrowing against them, the attacker effectively exploited the token’s low liquidity, enabling the flash loan attack to unfold rapidly before the market could stabilize.
Such tactics are a recurring concern in decentralized finance. Flash loans allow users to borrow large sums of cryptocurrency without collateral, provided the loan is repaid within the same transaction. When combined with low-liquidity tokens and leveraged positions, the mechanism can enable market manipulation.
In this case, the flash loan attack triggered significant volatility in the THENA ecosystem. THE’s price had already been under pressure, declining more than 15% over the past 30 days, and the exploit accelerated that downward momentum.
At the time of reporting, THE was trading at approximately $0.2299, though it remained up around 12% year-to-date despite the latest shock.
Trading activity surged dramatically during the incident. The token’s 24-hour trading volume jumped more than 5,500% to $291 million, reflecting both panic selling and opportunistic trading following the flash loan attack.
Venus Protocol pauses borrowing after flash loan attack
Following the discovery of suspicious activity, Venus Protocol confirmed it had detected irregular transactions involving the THE liquidity pool.
“As we continue to investigate the unusual activity in the $THE pool, we are taking precautionary action by pausing all $THE borrows and withdrawals effective immediately, to prevent any further misuse.” — Venus Protocol, official statement.
The protocol emphasized that the pause was a preventive measure designed to contain the damage from the flash loan attack while the investigation continued. According to the team, only the THE and CAKE markets appear to have been affected, while other lending pools remain operational.
The restrictions will remain in place until the platform completes its internal review of the incident.
Venus strengthens risk controls after flash loan attack
In the aftermath of the exploit, Venus Protocol announced additional safeguards intended to prevent similar attacks in the future.
The platform reduced the Collateral Factor (CF) to zero for six additional markets, targeting assets where a single participant controls a disproportionately large share of supplied collateral. This change aims to limit the risk of manipulation that could enable another flash loan attack.
The protocol also noted that markets with low liquidity thresholds and high single-user concentration will face stricter risk parameters going forward. Assets affected by the precautionary adjustment include BCH, LTC, UNI, AAVE, FIL, TWT, and lisUSD.
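A sketch of the kind of concentration and liquidity check described above, added here as an illustration and not Venus Protocol's own code: it compares what the largest supplier can borrow at the oracle price with what liquidators could recover by selling that collateral into a constant-product pool. The market figures, the thresholds (`max_share`, `min_coverage`) and all names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Market:
    symbol: str
    oracle_price: float       # USD per token as the lending market values it
    collateral_factor: float  # share of collateral value that may be borrowed
    suppliers: dict           # address -> tokens supplied as collateral
    pool_tokens: float        # token reserve of the main DEX pool
    pool_usd: float           # USD reserve of the same pool

def realizable_usd(m, tokens):
    """USD out when selling `tokens` into a constant-product pool (fees ignored)."""
    return m.pool_usd * tokens / (m.pool_tokens + tokens)

def assess(m, max_share=0.5, min_coverage=1.0):
    """Recommend CF = 0 when one supplier dominates the market and could borrow
    more than liquidators would recover by selling that supplier's collateral."""
    total = sum(m.suppliers.values())
    top = max(m.suppliers.values(), default=0.0)
    share = top / total if total else 0.0
    borrow_power = top * m.oracle_price * m.collateral_factor
    coverage = realizable_usd(m, top) / borrow_power if borrow_power else float("inf")
    risky = share > max_share and coverage < min_coverage
    return {
        "symbol": m.symbol,
        "top_share": round(share, 3),
        "coverage": round(coverage, 3),
        "recommended_cf": 0.0 if risky else m.collateral_factor,
    }

# Constructed sample markets (hypothetical figures, not on-chain data).
THIN = Market("THIN", 0.25, 0.5,
              {"0xaaa": 40_000_000, "0xbbb": 2_000_000, "0xccc": 1_000_000},
              pool_tokens=8_000_000, pool_usd=2_000_000)
DEEP = Market("DEEP", 600.0, 0.8,
              {"0xddd": 3_000, "0xeee": 2_500, "0xfff": 2_000, "0x111": 2_500},
              pool_tokens=500_000, pool_usd=300_000_000)

if __name__ == "__main__":
    for market in (THIN, DEEP):
        print(assess(market))
```

In the constructed THIN market the dominant supplier's collateral covers only about a third of its borrowing power once slippage is counted, which is the gap that ends up as bad debt.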
The latest incident adds to a history of security challenges for the lending platform. In 2021, manipulation involving the XVS token left Venus with $95 million in bad debt. The following year, the collapse of Terra/LUNA resulted in another $14 million in losses, while a BNB Chain bridge exploit allowed attackers to borrow roughly $150 million in stablecoins.
Security experts say such events illustrate how DeFi platforms must continually adapt risk management models as attackers develop more sophisticated strategies.
For now, the industry is once again debating how protocols can defend themselves against the growing threat of flash loan attacks, a tactic that continues to test the resilience of decentralized financial infrastructure.