Suspected $3.7M Exploit Hits Venus Protocol After Attacker Uses Illiquid Token as Collateral

Suspected $3.7M Venus Protocol Exploit Hits BNB Chain Lending Markets

Onchain and social media alerts first surfaced on March 15 when blockchain observers noticed abnormal borrowing activity tied to wallet address 0x1a35bd28efd46cfc46c2136f878777d69ae16231, which analysts say supplied a large amount of $THE tokens to Venus’ lending market. The activity was quickly flagged as a potential flash-loan or price-manipulation-style exploit.

Data visible on BscScan and Debank shows the wallet extracted approximately 20 BTCB valued near $1.43 million, 1.5 million CAKE worth about $2.18 million, and roughly 200 WBNB valued near $132,000, bringing the combined value of assets involved to roughly $3.7 million.

Community analysts said the wallet deposited millions of $THE tokens—estimates range from about 8.8 million to more than 50 million tokens—as collateral within Venus’ lending system. Because the asset has relatively low liquidity, analysts suspect the token’s price may have been temporarily inflated through coordinated trades or flash-loan activity, increasing its borrowing power within the protocol.

With the collateral valuation elevated, the address borrowed other assets, including CAKE, BTCB, and BNB. As the value of the collateral fell and the position became undercollateralized, liquidation bots began repaying portions of the debt, triggering large liquidation events across the affected markets.

Preliminary community estimates suggest Venus may be left with roughly $1.7 million to $2 million in bad debt, largely associated with the CAKE market. Tens of millions of $THE tokens were reportedly pushed into liquidation queues as the collateral position collapsed.

Venus Protocol confirmed the incident in a statement posted on X, writing that it had identified “unusual activity involving the $THE pool” and was investigating the matter. The team said the activity appears limited to the $THE and $CAKE markets, with no evidence of a broader protocol compromise.

As of early Sunday, the suspected exploiter’s wallet remained active on BNB Chain with the extracted assets still visible onchain. Analysts note the event appears to involve manipulation of collateral mechanics rather than a direct vulnerability in the Venus smart contract code.

The timing has also drawn attention because a Venus governance proposal to remove $THE as collateral was reportedly scheduled for consideration soon. The governance process may now determine how the platform addresses the resulting bad debt or potential recovery actions.

The situation remains under investigation, and Venus has not announced a protocol-wide pause.

FAQ 🔎

• What happened on Venus Protocol?
  A wallet allegedly used large amounts of $THE token as collateral to borrow roughly $3.7 million in crypto assets before liquidations occurred.
• Which assets were involved in the Venus incident?
  Onchain data shows BTCB, CAKE, and WBNB were borrowed using $THE token as collateral.
• Was Venus Protocol hacked?
  Current analysis suggests the event involved collateral manipulation rather than a direct smart contract exploit.
• Are Venus users’ funds at risk?
  Venus stated the issue appears limited to the $THE and $CAKE markets, with no broader protocol compromise reported.