Key Takeaways
- Attackers used a two-phase manipulation of THE tokens to bypass protocol limits.
- Venus Protocol immediately paused all THE and CAKE borrows to prevent further asset drainage.
- The THE token plummeted over 17% following the news of the $3.7 million loss.
The Anatomy of a Supply Cap Exploit
Venus Protocol, a decentralized cornerstone of the BNB Chain, faced a sophisticated $3.7 million breach this Sunday. The attacker targeted the liquidity pools of the Thena (THE) token using a calculated strategy. According to Allez Labs, the protocol’s risk manager, the threat actor first accumulated roughly 84% of the total THE market cap.
This allowed them to manipulate the token’s valuation and collateral status before launching a lending attack. By using THE as inflated collateral, the exploiter bypassed supply caps to borrow 20 Bitcoin, 2,801 BNB, and millions in CAKE and USDC.
In a rapid response, the Venus team suspended all withdrawals and borrowing for affected pools. This “digital circuit breaker” was intended to ring-fence the damage while the investigation continued.
While the protocol remains functional for major assets, the incident has reignited debates regarding the risks of using low-liquidity tokens as collateral in decentralized lending environments.
Monthly crypto losses from hacks fall in February, as attackers pivot to social engineering scams
Even with the headlines about the Venus attack, crypto security in early 2026 is actually seeing a strange lull. According to PeckShield, hack losses hit a nearly one-year low in February, dropping to just about $26.5 million.
But experts aren’t celebrating yet. It’s not that the bad actors have gone away; they’ve just stopped banging on the ‘digital front door’ of smart contracts. Instead, they’re going after the people behind the wallets. Between address poisoning and high-tech phishing, scammers are finding it’s much easier to trick a person with a fake site than it is to break a piece of code.
Final Thoughts
The Venus Protocol incident proves that even as total industry hack volumes decline, individual code exploits are becoming more surgical. Diversifying collateral and setting strict supply caps remains the best defense for DeFi protocols.
Frequently Asked Questions
What is a supply cap attack?
It occurs when an attacker manipulates an asset’s price to borrow more than the protocol’s intended limit.
Was the Venus Protocol hack recovered?
Currently, the $3.7 million in funds remains with the attacker as the investigation is ongoing.
Is my BNB safe on Venus?
Venus has paused THE and CAKE pools specifically, though users are advised to monitor official announcements for other tokens.
