Venus Protocol, the decentralized lending protocol and largest lending platform in the BNB Chain ecosystem, has just recorded an estimated $2 million in bad debt following a price manipulation attack targeting THE, the token of the DeFi "super app" Thena. The incident occurred over the weekend, when attackers exploited THE's thin on-chain liquidity to execute an oracle manipulation loop that is familiar in decentralized finance.
According to blockchain data analysts, the tactic used was quite typical: the attacker deposited THE as collateral, borrowed other assets, then used the borrowed funds to buy more THE and repeated the process. Meanwhile, Venus's time-weighted average price oracle gradually updated to reflect the "pumped" price, artificially increasing the collateral value. Prior to the incident, Venus had listed THE as collateral in the Core Pool, the protocol's main liquidity pool.
The price of THE is believed to have been pushed from around $0.27 to nearly $5 in a short period of time. An on-chain researcher stated that he noticed the anomaly when an automated monitoring program detected large discrepancies between the price of THE on centralized and decentralized exchanges. This attack scenario bears many similarities to past oracle manipulations in the DeFi market, where low liquidity is often exploited to create extreme price volatility.
To scale beyond the supply limit of THE tokens that Venus allows as collateral, the attacker used a "donation attack" technique. Instead of depositing assets via the usual mint mechanism, they transferred THE tokens directly into the vTHE contract, thereby distorting the internal exchange rate recorded by the protocol and partially disabling the limit mechanism. Venus subsequently confirmed that it had detected unusual activity in the THE pool and temporarily suspended all borrowing and token functions pending investigation.
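The accounting flaw behind the donation technique described above, as an added example that is not Venus's code: a simplified Compound-style market model in Python showing the weak setting (cash read from the raw token balance) beside a common hardening (cash tracked internally), plus a monitoring check for cap overshoot. The class, function names and all amounts are constructed for illustration; borrows and reserves are left out of the exchange rate.

```python
from dataclasses import dataclass

@dataclass
class Market:
    """Simplified collateral market (constructed model, not Venus code)."""
    supply_cap: float            # max underlying accepted through mint()
    track_cash_internally: bool  # False: read raw token balance; True: hardened
    token_balance: float = 0.0   # underlying actually held by the contract
    internal_cash: float = 0.0   # underlying that arrived through mint()
    total_shares: float = 0.0    # receipt tokens (vToken-like) outstanding

    def cash(self) -> float:
        return self.internal_cash if self.track_cash_internally else self.token_balance

    def exchange_rate(self) -> float:
        # Underlying per share; defaults to 1.0 for an empty market.
        return self.cash() / self.total_shares if self.total_shares else 1.0

    def mint(self, amount: float) -> float:
        # The supply cap is enforced only on this path.
        if self.cash() + amount > self.supply_cap:
            raise ValueError("supply cap exceeded")
        shares = amount / self.exchange_rate()
        self.token_balance += amount
        self.internal_cash += amount
        self.total_shares += shares
        return shares

    def direct_transfer(self, amount: float) -> None:
        # Plain token transfer to the contract address: no mint(), no cap check.
        self.token_balance += amount

    def collateral_underlying(self, shares: float) -> float:
        return shares * self.exchange_rate()

def cap_overshoot(market: Market) -> float:
    """Monitoring check: underlying counted as collateral beyond the cap."""
    return max(0.0, market.collateral_underlying(market.total_shares) - market.supply_cap)

def run_scenario(track_cash_internally: bool) -> tuple:
    m = Market(supply_cap=1_000.0, track_cash_internally=track_cash_internally)
    shares = m.mint(1_000.0)     # fills the cap exactly
    m.direct_transfer(4_000.0)   # constructed donation amount
    return m.collateral_underlying(shares), cap_overshoot(m)

if __name__ == "__main__":
    print("balance-based cash:", run_scenario(False))
    print("internal cash:     ", run_scenario(True))
```

With internal cash tracking, the directly transferred tokens never enter the exchange rate, so the collateral counted for the depositor stays at the capped amount.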
Subsequent events revealed that the attacker may not have reaped the profits they expected. After the first round of borrowing, the average price reported by the Venus oracle had only increased by about $0.50, still significantly lower than the inflated spot price. Attempts to keep buying THE to maintain the high price met significant selling pressure from the market. As the account's safety factor approached the liquidation threshold, the attacker's position was forced to close. Because market liquidity was nearly empty, tens of millions of dollars' worth of collateralized THE were dumped onto a thin order book, causing the token price to plummet to around $0.24, even lower than before the attack.
Some analysts believe the attacker may have made almost no direct profit on-chain, and may even have incurred losses. However, it cannot be ruled out that the attacker opened short derivative positions on external trading platforms to profit from the decline in THE. Preliminary statistics show that the bad debt incurred by Venus includes over one million CAKE tokens and nearly two million THE tokens. The wallet address associated with the incident was also found to have received initial capital of thousands of ETH from a cryptocurrency mixing service, raising suspicions of a cover-up.
This latest incident adds to Venus Protocol's string of losses in recent years. Previously, the protocol accumulated significant bad debt following internal token price manipulation, the collapse of the Terra ecosystem, and indirect impacts from bridge attacks on the BNB Chain. More recently, a similar "donation attack" on Venus's ZKSync deployment caused hundreds of thousands of dollars in losses, while a phishing scam targeting users in 2025 forced the protocol to temporarily suspend operations and trigger an emergency governance vote.






