Venus Protocol bad debt accumulates $2.15 million following a sophisticated price manipulation attack on March 15, 2026. The decentralized lending platform, operating on the BNB Chain, fell victim to an exploit that leveraged the low liquidity of Thena’s native token, THE, to drain approximately $3.7 million in assets. This incident highlights persistent vulnerabilities within Compound-forked protocols and raises critical questions about risk management in the DeFi landscape.
Anatomy of a DeFi Exploit
The attacker, whose wallet address 0x1a35…6231 was initially funded with 7,400 ETH from Tornado Cash, meticulously orchestrated the exploit over nine months. Starting in June 2025, the perpetrator accumulated approximately 84% of Venus Protocol’s THE supply cap (14.5 million tokens). To bypass the protocol’s inherent safeguards, a ‘donation attack’ was employed, directly transferring THE tokens to the vTHE contract instead of standard minting. This cunning maneuver artificially inflated the protocol-recognized exchange rate, pushing the collateral position to an astonishing 53.2 million THE – roughly 3.7 times the allowed limit.
The attacker repeatedly deposited THE as collateral, borrowed other high-value assets such as Bitcoin (BTC), BNB, and CAKE, and then used these borrowed funds to purchase more THE, further inflating its oracle price. This cyclical manipulation continued until the inevitable collapse of THE’s price, triggering forced liquidations and leaving Venus Protocol with significant bad debt. The assets extracted included roughly 20 BTC, 1.5 million CAKE, and 200 BNB. The subsequent Venus Protocol bad debt accumulates to 1.18 million CAKE and 1.84 million THE in outstanding loans.
Explore more related Fraudulents news
The Vulnerability: A Known Quantity
This exploit targeted a known vulnerability in Compound-forked protocols, specifically a supply cap execution flaw in Venus Protocol’s older code. The thin on-chain liquidity of THE made it particularly susceptible to oracle price manipulation. Intriguingly, this ‘donation attack’ vector had been identified and flagged in a previous Code4rena security audit of Venus, though the Venus team had reportedly disputed the assessment at the time. This raises serious concerns about the efficacy of audit responses and proactive security measures within DeFi projects.
“The persistent recurrence of similar exploits on Venus Protocol underscores a critical need for robust, multi-layered security frameworks and a more responsive approach to identified vulnerabilities within decentralized finance platforms.”
Venus Protocol’s Troubled History
In immediate response, Venus Protocol paused borrowing and withdrawals for THE and froze several other markets with high liquidity concentration as a precautionary measure. However, this incident is not an isolated event for the platform. Venus Protocol bad debt accumulates from a history of previous exploits and market events, painting a concerning picture of its resilience and risk management. Past incidents include $95 million in 2021 from XVS token manipulation, $14 million in 2022 due to the Terra/LUNA collapse, and over $700,000 in February 2025 from a similar donation-style attack on its ZKSync deployment. Each event adds to the growing tally of Venus Protocol bad debt, highlighting systemic challenges.
Implications for DeFi Security
The latest exploit on Venus Protocol serves as a stark reminder of the inherent risks in decentralized finance, particularly concerning low-liquidity tokens and complex protocol interactions. As the DeFi ecosystem continues to evolve, the onus is on platforms to not only conduct thorough security audits but also to proactively address identified vulnerabilities, even those initially disputed. Investors and users must remain vigilant, understanding that even established platforms can harbor significant risks, especially when past exploits indicate recurring weaknesses. The ongoing accumulation of Venus Protocol bad debt underscores the urgent need for enhanced security protocols and transparent risk disclosure across the entire DeFi sector.




