Venus Protocol hit by $3.7M in 'supply cap' attack

The threat actor manipulated the platform by using Thena tokens to bypass the maximum supply cap and borrow several different digital assets.

Venus Protocol, a decentralized lending and borrowing platform, said on Sunday it had detected suspicious trading activity in the liquidity pool for the Thena (THE) token, the native cryptocurrency of the Thena decentralized finance platform.

The unusual trading activity only affected pools for the Cake (CAKE) token, the native cryptocurrency of the PancakeSwap decentralized exchange, and the Thena token, according to an announcement from Venus Protocol. The Venus team said:

The suspicious trading activity is suspected to be a supply cap attack that was executed in two phases: a steady accumulation of about 84% of the total THE token market cap, coupled with a lending attack, according Allez Labs, which was identified by Venus Protocol as its risk manager.The Venus exploiter used the Theta token as collateral to borrow 6.67 million CAKE tokens, 1.58 million USDC (USDC), 2,801 BNB (BNB) — the native token of the BNB chain — and 20 Bitcoin (BTC), Allez Labs said. 

Out of caution, withdrawals and borrowing for other tokens, which have low liquidity on the platform, were also temporarily halted, Allez Labs said. The total amount lost in the attack is now over $3.7 million, according to Wu Blockchain. 

At the time of publication, THE was trading at $0.2255 apiece, down more than 17% in the last 24 hours, according to pricing data on CoinMarketCap.com.

Cointelegraph reached out to Venus Protocol but did not obtain a response by the time of publication.The incident highlights the cybersecurity and code exploit threats faced by crypto users and decentralized finance platforms, as the sector grows and security threats that cause financial loss become increasingly sophisticated.

Related: February crypto losses hit lowest level since March 2025, says PeckShield

The value lost in crypto-related hacks fell to $49 million in February, the lowest level in nearly a year, according to blockchain security firm PeckShield.

Despite the reduction in total value lost to hacks and code exploits during February, there was an uptick in phishing and social engineering scams.

“The majority of individual attacks targeted private users through phishing attacks, malicious signatures, and address poisoning scams,” according to a report from blockchain intelligence platform Nominis.

Phishing scams often use fake websites, which feature addresses that are nearly identical to legitimate domain names. These fraudulent websites have malware designed to steal private keys for cryptocurrencies or other sensitive information.

Magazine: ‘SEAL 911’ team of white hats formed to fight crypto hacks in real time

Source: CoinTelegraph