
Venus Thena (THE) Incident: What Broke and What Was Missed

March 17, 2026

On March 15, 2026, an attacker bypassed the THE (Thena) market's supply cap on Venus Protocol's Core Pool (BNB Chain), inflated a collateral position to 3.67x the intended limit, and borrowed ~$14.9M in assets [1]. Early media reports framed this as a ~$3.7M exploit, but the on-chain picture is more complex: both the protocol and the attacker ended up losing money.

Venus's own post-mortem [1] and several prior analyses [2, 3, 4] have dissected the attack mechanism in detail, covering the supply cap bypass, the donation attack vector, and the basic fund flow. This article does not retread that ground. Instead, it examines the on-chain profit-and-loss picture for both the protocol and the attacker, focusing on the systemic risks exposed in lending protocol defenses.

By analyzing the attack and liquidation process and tracing the full fund flow, this article finds that 254 liquidation bots competed across 8,048 transactions to unwind the position, yet $2.15M in bad debt remained [1]. Liquidation was triggered but fell short. The attacker invested $9.92M and retained only ~$5.2M after all liquidations, an on-chain net loss of ~$4.7M. These findings reveal how all three lines of defense in lending protocols failed under real stress, while early warning signals that did emerge could not be effectively acted upon. This exposes the limitations of existing safeguards and underscores the need for the community to learn from this incident and strengthen its monitoring and early warning capabilities.


Background

Supply caps are a standard risk control in Compound-style lending markets. They limit how much of a given asset can be deposited as collateral, providing a ceiling on the protocol's exposure to volatile or low-liquidity tokens. Venus set a supply cap of 14.5M THE for its THE market, reflecting the token's thin on-chain liquidity.

Behind the supply cap sit two additional safety layers. Oracle-based collateral valuation determines how much a borrower can draw against their deposits. If a position becomes undercollateralized, a competitive liquidation market is expected to step in: third-party bots repay the debt and seize collateral at a discount, keeping the protocol solvent.

This three-layer structure (exposure limits, valuation, liquidation) forms the risk framework for most lending protocols. The Venus THE incident tested all three layers simultaneously, and all three proved insufficient. The following sections examine how each layer was tested and where it fell short.


The Attack

The Bypass: Donation Attack

Supply caps in most Compound forks only constrain the mint path: the standard deposit function that checks the cap before issuing vTokens. They do not account for tokens transferred directly to the contract address.

The attacker exploited this gap. A direct ERC-20 transfer to the vTHE contract increases the contract's underlying token balance without minting new vTokens. In Compound-style accounting, this inflates the exchangeRate between vTokens and the underlying asset. Any existing vToken holder benefits: their vTokens now represent a claim on more underlying tokens, increasing their effective collateral value as seen by the protocol.

This "donation attack" is a known class of vulnerability in Compound forks. Any protocol that enforces supply caps only on the mint path is susceptible: the effective exposure to the underlying asset can far exceed the cap without triggering any limit check.
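
The accounting gap described above, as an added Python model (not Venus's contract code and not taken from the post-mortem): a simplified Compound-style market whose cap check lives only in mint(), run once with balance-based cash and once with internally tracked cash. Internal cash tracking is one common hardening and an assumption here, not Venus's stated fix; all class and function names are hypothetical.

```python
from dataclasses import dataclass

SCALE = 10**18  # fixed-point scale for the exchange rate


@dataclass
class Market:
    """Simplified Compound-style market (no interest, no reserves)."""
    supply_cap: int             # cap, in whole underlying tokens
    track_internal_cash: bool   # hardened mode: count only underlying received via mint()
    token_balance: int = 0      # what the ERC-20 balanceOf(market) would report
    internal_cash: int = 0      # underlying received through mint() only
    total_vtokens: int = 0
    total_borrows: int = 0

    def cash(self) -> int:
        return self.internal_cash if self.track_internal_cash else self.token_balance

    def exchange_rate(self) -> int:
        if self.total_vtokens == 0:
            return SCALE
        return (self.cash() + self.total_borrows) * SCALE // self.total_vtokens

    def effective_supply(self) -> int:
        """Underlying that vToken holders can claim, i.e. the real collateral exposure."""
        return self.total_vtokens * self.exchange_rate() // SCALE

    def mint(self, amount: int) -> int:
        # The only place the cap is checked.
        if self.effective_supply() + amount > self.supply_cap:
            raise ValueError("supply cap exceeded")
        minted = amount * SCALE // self.exchange_rate()
        self.token_balance += amount
        self.internal_cash += amount
        self.total_vtokens += minted
        return minted

    def direct_transfer(self, amount: int) -> None:
        """Plain ERC-20 transfer to the market address: no market code runs, no cap check."""
        self.token_balance += amount


def cap_utilisation_after_donation(track_internal_cash: bool) -> tuple[float, float]:
    """Return (utilisation before, utilisation after) a direct transfer.

    The 14.5M cap, 12.2M minted and ~36M transferred are the article's figures.
    A single supplier and zero borrows are simplifications, so the ratio differs
    from the 3.81x reported for the real market.
    """
    m = Market(supply_cap=14_500_000, track_internal_cash=track_internal_cash)
    m.mint(12_200_000)
    before = m.effective_supply() / m.supply_cap
    m.direct_transfer(36_000_000)
    after = m.effective_supply() / m.supply_cap
    return before, after


if __name__ == "__main__":
    for hardened in (False, True):
        before, after = cap_utilisation_after_donation(hardened)
        print(f"internal cash accounting={hardened}: {before:.0%} -> {after:.0%} of cap")
```

With balance-based cash the effective supply ends above three times the cap although mint() never accepted a deposit past it; with internal cash tracking the transfer leaves the exchange rate and the cap utilisation unchanged.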

Preparation (June 2025 to March 2026)

The attack did not begin on March 15. The attacker received 7,447 ETH through Tornado Cash via a funding address (0x7a79...f234), deposited the ETH into Aave as collateral, and borrowed $9.92M in stablecoins (USDT, DAI, USDC). These funds were distributed across multiple wallets to purchase THE starting in June 2025, gradually building a combined position that reached 84% of the supply cap (approximately 12.2M THE) by the morning of the attack.

Attacker's cumulative vTHE position (June 2025 to March 2026). Gradual accumulation over 9 months, followed by complete liquidation.

This nine-month preparation period was visible on-chain the entire time. After each deposit, the protocol's on-chain state (total supply, position concentration relative to the cap) was publicly queryable. However, each individual transaction was routine and would not trigger conventional alerts. Detecting this type of risk requires continuous monitoring of protocol-level state changes, an area where protocol security frameworks may need to improve.

The attacker operated through multiple addresses, all traceable to a single Tornado Cash funding source:

| Address | Role |
| --- | --- |
| 0x7a79...f234 | Funding: received 7,447 ETH from Tornado Cash, deposited into Aave, borrowed $9.92M in stablecoins |
| 0x43c7...2f82 | Attacker EOA |
| 0x737b...a619 | Attack contract: executed donation bypass and borrowing in Phase 2-3. Liquidated at 12:04 UTC. |
| 0x1a35...6231 | Attacker wallet: supplied THE via mint path, held vTHE |

Execution (March 15, 2026)

At 11:00 UTC, the attacker held 12.2M THE within the protocol, still within the 14.5M cap. At approximately 11:55 UTC, the attacker deployed the attack contract (0x4f477e...f5663f) [1], executing the donation bypass and initial borrowing atomically in the constructor. Six wallets transferred a combined ~36M THE directly to the vTHE contract, inflating the exchange rate 3.81x. The attack contract, which had been granted permission to borrow against 0x1a35's position, then borrowed assets against the inflated collateral.

From ~12:00 to 12:42 UTC, both addresses executed follow-up transactions in a recursive leverage loop [1]:

  1. Borrow assets against the inflated collateral (CAKE, BNB, BTCB, USDC)
  2. Swap borrowed assets into THE on the open market
  3. Donate THE to the vTHE contract, further inflating the exchange rate and pushing up the price
  4. Repeat with increased borrowing power

| Time (UTC) | THE Supplied | % of Cap | Status |
| --- | --- | --- | --- |
| 11:00 | 12.2M | 84% | Within cap |
| 12:00 | 49.5M | 341% | Cap bypassed |
| 12:42 | 53.2M | 367% | Peak before liquidation |

Timeline data sourced from Venus post-mortem [1].

Due to THE's extremely thin on-chain liquidity, even modest purchases caused significant price impact. THE's aggregated market price surged from approximately $0.26 to over $0.53 (per CoinMarketCap). Venus's Resilient Oracle (RedStone as primary, Binance as pivot) initially rejected the spiking price: starting from ~11:55 UTC, the BoundValidator reverted for approximately 37 minutes as the Binance feed diverged wildly, reaching nearly $4 [1]. During this window, the oracle could not update THE's price. As the attacker sustained buy pressure across multiple venues in RedStone's aggregation, both feeds eventually converged at the elevated level around ~12:32 UTC. The Resilient Oracle accepted the price at approximately $0.51 [1], and the protocol began valuing the attacker's collateral at the manipulated rate.

Price fluctuations of the THE token before and after the attack.

The combined effect of exchange rate inflation (3.81x via donation) and price manipulation ($0.26 → $0.51) multiplied the attacker's borrowing power roughly sevenfold. Yet THE's real market depth was a fraction of even this oracle-reported value.

Overextension and Collapse (~12:42 UTC onward)

After extracting the first round of borrowed assets, the attacker could have stopped. Instead, they continued deploying borrowed funds to buy more THE, attempting to force another price leg up. This pushed the health factor close to 1 [1]. At 12:42 UTC, the position reached its peak at 53.2M THE.

Once the buying pressure stopped, there was nothing supporting THE's inflated price. Selling pressure from liquidation bots and panicked holders overwhelmed the thin bid-side liquidity, and THE's price collapsed from ~$0.51 to approximately $0.22 [1], well below the pre-attack level of $0.26. Cascading liquidations unwound approximately 42M THE in collateral [1], and the protocol's last line of defense activated: third-party liquidators stepping in to limit losses.


The Liquidation Reality

In DeFi lending, the assumption is straightforward: when positions go underwater, third-party liquidators step in, repay the debt, seize the collateral at a discount, and keep the protocol solvent. The Venus THE incident did not break this mechanism. It exposed its limits.

They Came. It Was Not Enough.

On-chain liquidation data (sourced from Venus's Dune dashboard [5], with additional transaction-level analysis) reveals:

| Metric | Value |
| --- | --- |
| Total liquidation transactions (vTHE, Mar 15) | 8,048 |
| Unique liquidation callers | 254 |
| Liquidation entry contract | 0x0870...cf43 (Venus Core Pool Liquidator) |
| Total assets borrowed from Venus | ~$14.9M [1] |
| Remaining bad debt | ~$2.15M [1] |

The Dune dashboard records 0x0870...cf43 as the liquidator for all transactions. This address is Venus's Core Pool Liquidator contract, a permissionless entry point through which any external caller can execute liquidations. Querying the actual transaction senders reveals 254 distinct addresses competing for liquidation opportunities across 8,048 transactions.

Of the 8,048 vTHE liquidation transactions, 8,039 targeted the attacker's main position (0x1a35); the remaining 9 liquidated four unrelated users with small vTHE holdings who were caught in the price collapse.

Participation did not translate into full recovery. The bots seized vTHE and repaid debt denominated in BNB, BTCB, CAKE, USDC, and WBNB. To realize any profit, they needed to sell that THE on the open market. With 53M THE having just been dumped into a market with only a few million dollars of depth, the seized collateral could not be converted to stable value without massive slippage. The result: $2.15M in debt could not be covered, becoming bad debt on Venus's balance sheet.

Two Positions, Two Outcomes

The attacker operated two positions with different collateral types [2]. The two served complementary roles: 0x1a35 was the primary position that accumulated THE over nine months and borrowed valuable assets against the inflated collateral, while 0x737b was the attack contract that executed the donation bypass atomically and borrowed THE (using USDC as collateral) to further inflate the exchange rate. Their liquidation outcomes differed in both timing and mechanism:

| Address | Collateral | Txs | Debt Repaid | Outcome |
| --- | --- | --- | --- | --- |
| 0x737b (attack contract) | vUSDC | 603 | $729K | ~$359K THE debt remaining [1] |
| 0x1a35 (attacker wallet) | vTHE | 8,039 | ~$12.0M recovered | ~$1.79M bad debt (seized THE illiquid) |

The 0x737b position was liquidated first, starting 12:04 UTC during the pump phase [2]. Its collateral was 1.58M USDC (fixed value) while its debt was denominated in THE. The position was created with minimal margin at THE ~$0.26. As the attacker kept buying THE on DEX and pumping its market price toward ~$0.51, the THE debt value far exceeded the USDC collateral, triggering liquidation. Liquidators seized the USDC, but even after 603 transactions the seized collateral could not fully cover the THE debt, leaving ~1.85M THE (~$359K) unpaid [1]. This was likely by design: 0x737b's purpose was to borrow THE for the donation bypass, and once that mission was complete, losing the USDC collateral was an acceptable cost.

The 0x1a35 liquidation tells the real story. Its collateral was THE itself. 254 bots competed to liquidate it across 8,039 transactions, but the seized THE could not be sold at anything close to its oracle-reported value. The timeline shows the dynamic:

| Hour (UTC) | Txs | Debt Repaid | Phase |
| --- | --- | --- | --- |
| 12:00-12:59 | 3,416 | ~$3.83M | THE price collapsing, heaviest slippage |
| 13:00-13:59 | 4,626 | ~$10.40M | Price stabilizing, bulk of liquidation |

Both positions contributed to the protocol's losses: ~$359K from 0x737b's uncovered THE debt and the remainder from 0x1a35's illiquid THE collateral. Of the ~$14.9M total borrowed from Venus [1], liquidators managed to recover most of it. The remaining ~$2.15M became bad debt on Venus's balance sheet.

A note on Dune-derived figures: The Venus Dune dashboard [5] values seized collateral and repaid debt using daily snapshot prices from its daily_market_info table. Because THE's price crashed intraday from ~$0.53 to $0.22, USD figures derived from Dune (including the hourly breakdown above and the revenue-side figures in the following section) may deviate from real-time values. Where official figures are available (total borrowed ~$14.9M, bad debt ~$2.15M [1]), we use those as the authoritative source. While absolute USD values may vary, the underlying trends and conclusions remain consistent.


Following the Money

The liquidation data shows how the positions were unwound. To understand the attacker's actual P&L (Profit and Loss), we need to look beyond individual transactions and compare what the attacker put in versus what they retained after all liquidations completed.

What Went In

The attacker's funding chain: 7,447 ETH received via Tornado Cash, deposited into Aave as collateral, borrowed $9.92M in stablecoins (USDT, DAI, USDC), and distributed to multiple wallets to acquire THE and vTHE over nine months. The entire $9.92M was converted into THE positions on Venus. After the attack, all THE collateral was liquidated, and this investment was effectively wiped out.

What Was Borrowed from Venus

At peak (12:42 UTC), the attacker had borrowed approximately $14.9M in total from Venus [1]:

| Address | Collateral | Borrowed Assets |
| --- | --- | --- |
| 0x1a35 (attacker wallet) | 53.2M THE | 6.67M CAKE + 2,801 BNB + 1,972 WBNB + 1.58M USDC + 20 BTCB |
| 0x737b (attack contract) | 1.58M USDC | 4.63M THE |

Not all borrowed assets were extracted as profit. A significant portion was recycled back into the attack:

  • 0x1a35 repeatedly borrowed BNB from Venus, swapped it for THE, and donated the THE directly to the vTHE contract to sustain the price pump and exchange rate inflation [1].
  • 0x737b executed 48 transactions during Phase 3 (function signature 0x91f38bff). Two of these borrowed and retained valuable assets (CAKE, WBNB): 0x4253a8...eca296 and 0xfd64d0...154808. The remainder were borrow-swap-donate loops: borrowing assets from Venus, swapping them into THE, and donating the THE to the vTHE contract.
  • 1.58M USDC borrowed by 0x737b was immediately re-supplied as its own collateral [1]. This USDC was later seized during liquidation and never left the protocol.
  • 4.63M THE borrowed by 0x737b was donated directly to the vTHE contract to inflate the exchange rate [1].

What the Attacker Retained

After both Venus positions were liquidated, we checked the final token balances across all attacker-controlled addresses (via DeBank):

| Address | Token | Amount | USD Value |
| --- | --- | --- | --- |
| 0x1a35 | CAKE | 1,500,000 | ~$2.24M |
| 0x1a35 | BTCB | 20 | ~$1.48M |
| 0x1a35 | WBNB | 200 | ~$0.14M |
| 0x737b | WBNB | 1,972.53 | ~$1.33M |
| 0x737b | CAKE | 16,093 | ~$0.02M |
| Total retained | | | ~$5.21M |

The Aave position (7,447 ETH collateral, ~$9.92M debt) remains open and unchanged (health factor of 1.45). The $9.92M in stablecoins was withdrawn to BNB Chain and converted to THE, but this does not reduce the Aave debt. From Aave's perspective, the attacker is simply a borrower with sufficient collateral. The attacker retains access to the ETH minus outstanding debt.

Net On-Chain P&L

| | USD |
| --- | --- |
| Total invested (Aave borrowings → THE, all lost in liquidation) | -$9.92M |
| Total retained (Venus borrowed assets kept after liquidation) | +~$5.21M |
| Net on-chain loss | ~-$4.71M |

The on-chain operation was clearly unprofitable. Of the ~$14.9M borrowed from Venus, the attacker kept only ~$5.21M. The remainder was either recycled into THE donation loops, seized during liquidation, or absorbed as protocol bad debt.

Protocol Losses

After all liquidations completed, Venus was left with approximately $2.15M in bad debt [1]:

| Asset | Amount | USD Value |
| --- | --- | --- |
| CAKE | ~1.18M | ~$1.79M |
| THE | ~1.85M | ~$0.36M |
| Total bad debt | | ~$2.15M |

Value Distribution

| Party | Net P&L | Notes |
| --- | --- | --- |
| Attacker (on-chain) | ~-$4.71M | $9.92M invested, ~$5.21M retained |
| Venus Protocol | -$2.15M | Bad debt after all liquidations [1] |
| Third-party liquidators | Unknown | 254 bots participated; P&L depends on THE exit prices |
| Attacker (CEX) | Unknown | Possible perp positions, unverifiable |

In a typical DeFi exploit, the protocol or LP suffers a loss, the attacker profits, and the "missing value" between the two is captured by third parties such as liquidators, arbitrage traders, and block builders. This incident breaks that pattern: the attacker also lost money on-chain (~$4.71M). Whether this loss was offset by off-chain positions (e.g., perpetual futures on centralized exchanges [3, 4]) remains unverifiable.


Lessons: Three Lines of Defense

The attack exploited a known vulnerability, used a textbook leverage loop, and still caused $2.15M in bad debt. The real failure was not any single mechanism but the compounding effect of weaknesses across the entire risk stack.

First Line: Exposure Limits

Venus's supply cap only constrained the standard mint path. Direct token transfers to the vToken contract bypassed it entirely. Any risk control that relies on accounting assumptions must validate those assumptions across all possible state-changing operations, not just the expected deposit flow.

Second Line: Collateral Valuation

The Resilient Oracle's reported price (~$0.51) was close to the aggregated market price, and the BoundValidator correctly rejected the extreme Binance feed for 37 minutes [1]. Yet even a "correct" market price is meaningless for collateral worth tens of millions when the underlying market has only a few million dollars of depth [3]. This position allowed the attacker to borrow ~$14.9M in assets [1], yet the THE collateral could only realize a fraction of its oracle-reported value when liquidated, contributing to $2.15M in total bad debt. For illiquid tokens, nominal overcollateralization provides no real safety margin when the collateral cannot be sold at oracle prices. Lending protocols should incorporate liquidity-adjusted collateral valuation that accounts for market depth, expected slippage, and concentration risk.
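
One way to express liquidity-adjusted valuation, as an added example that is not part of Venus's code or the post-mortem: collateral is valued at the lower of its oracle value and what a single constant-product pool would pay for it, and a position cap is derived from pool depth. The pool reserves are constructed (the article states only "a few million dollars of depth"), fees and multi-venue routing are ignored, and all names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product pool (x * y = k), fees ignored."""
    token_reserve: float   # collateral token held by the pool
    quote_reserve: float   # USD-denominated side of the pool

    @property
    def spot_price(self) -> float:
        return self.quote_reserve / self.token_reserve

    def proceeds_from_selling(self, amount: float) -> float:
        """USD received for selling `amount` tokens in one sweep."""
        return self.quote_reserve * amount / (self.token_reserve + amount)


def realizable_fraction(pool: Pool, amount: float) -> float:
    """Share of the spot-price value that survives slippage: x / (x + amount)."""
    return pool.proceeds_from_selling(amount) / (amount * pool.spot_price)


def liquidity_adjusted_value(pool: Pool, amount: float, oracle_price: float) -> float:
    """Value collateral at the lower of oracle value and what the market would pay."""
    return min(amount * oracle_price, pool.proceeds_from_selling(amount))


def depth_based_cap(pool: Pool, min_fraction: float) -> float:
    """Largest position whose full liquidation still realises `min_fraction` of spot value."""
    # x / (x + amount) >= f  =>  amount <= x * (1/f - 1)
    return pool.token_reserve * (1.0 / min_fraction - 1.0)


# Constructed pool: 4M THE against $2.04M, i.e. a $0.51 spot price.
POOL = Pool(token_reserve=4_000_000, quote_reserve=2_040_000)

if __name__ == "__main__":
    position = 53_200_000  # peak THE position from the article's timeline
    print(f"oracle value:       ${position * 0.51:,.0f}")
    print(f"adjusted value:     ${liquidity_adjusted_value(POOL, position, 0.51):,.0f}")
    print(f"realizable share:   {realizable_fraction(POOL, position):.1%}")
    print(f"cap for 90% realis.: {depth_based_cap(POOL, 0.9):,.0f} THE")
```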

Third Line: Liquidation

The entire lending model assumes that when positions go underwater, liquidators will step in and make the protocol whole. In this incident, 254 liquidation bots processed 8,048 transactions on the vTHE position alone. The liquidation market was active and competitive. It still was not enough: $2.15M in bad debt remained. The problem was not a lack of liquidators but a lack of liquidity. When 53M THE hit a market with only a few million dollars of depth, no amount of bot competition could convert the seized collateral into enough value to cover the outstanding debt. Protocols cannot treat liquidation as a reliable backstop when the collateral's realizable value diverges sharply from its oracle-reported value.

The Monitoring Gap

The nine-month accumulation phase was visible on-chain from the beginning: a single entity approaching the supply cap, increasing concentration in a low-liquidity asset, gradual position building over months. Venus has acknowledged that "some community members flagged this address prior to the exploit," but noted that "the address was operating entirely within protocol limits at the time" and that, as a permissionless protocol, "we cannot and should not freeze or blacklist addresses based on suspicion alone" [1]. As part of its remediation, Venus has stated that it is "exploring on-chain risk monitoring mechanisms that can flag anomalous accumulation patterns and trigger governance-level review" [1].

The missed signals extend beyond the slow buildup. According to Venus's post-mortem [1], the oracle's defense mechanism did work as designed: the BoundValidator rejected the extreme Binance feed and reverted for 37 minutes, effectively blocking price updates during the initial manipulation window. However, no monitoring system escalated this anomaly. An oracle continuously reverting on a market where a single entity holds over 3x the supply cap is a high-severity real-time signal. Thirty-seven minutes is a significant window. Had this triggered an automated circuit breaker or even a manual review, pausing the THE market before the oracle re-converged could have prevented the bulk of the borrowing. This also exposes a broader gap: protocol defense mechanisms that activate and then silently resolve, without any alert or escalation path, provide protection only against the simplest attacks.

This points to two distinct capability gaps. The first is long-horizon position monitoring: tracking how a single entity's concentration in a low-liquidity asset evolves over time relative to supply caps, market depth, and liquidation capacity. No single transaction during the nine-month buildup was malicious, and no rule was broken. The second is real-time oracle health monitoring: detecting sustained oracle anomalies on markets with abnormal concentration and escalating them to circuit-breaker mechanisms. Both require continuous monitoring infrastructure that looks beyond individual transactions, correlating on-chain state changes across addresses and time windows to surface systemic risk before it materializes.
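
The two monitoring capabilities described above, as added example detection logic (not BlockSec's or Venus's tooling): one rule watches supply and single-entity concentration against the cap, the other escalates a sustained run of rejected oracle updates and raises its severity when the market is already over cap. Thresholds, rule names, the 5-minute oracle cadence and the sample events are constructed assumptions; the supply figures follow the article's timeline table.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

SUPPLY_CAP = 14_500_000  # THE supply cap stated in the article


@dataclass
class Snapshot:
    ts: datetime
    underlying_supplied: float   # vToken total supply * exchange rate, in THE
    top_cluster_supplied: float  # largest position after grouping wallets by funding source


@dataclass
class OracleAttempt:
    ts: datetime
    reverted: bool               # True when the price update was rejected


def evaluate(snapshots, attempts, concentration_warn=0.8,
             revert_limit=timedelta(minutes=10)):
    """Return sorted (timestamp, severity, rule) alerts."""
    snapshots = sorted(snapshots, key=lambda s: s.ts)
    alerts = []
    for s in snapshots:
        if s.underlying_supplied > SUPPLY_CAP:
            # Unreachable through mint(), so the cap was bypassed some other way.
            alerts.append((s.ts, "CRITICAL", "effective_supply_over_cap"))
        elif s.top_cluster_supplied / SUPPLY_CAP >= concentration_warn:
            alerts.append((s.ts, "WARN", "single_entity_concentration"))

    streak_start, fired = None, False
    for a in sorted(attempts, key=lambda a: a.ts):
        if not a.reverted:
            streak_start, fired = None, False
            continue
        streak_start = streak_start or a.ts
        if not fired and a.ts - streak_start >= revert_limit:
            latest = [s for s in snapshots if s.ts <= a.ts]
            over_cap = bool(latest) and latest[-1].underlying_supplied > SUPPLY_CAP
            alerts.append((a.ts, "CRITICAL" if over_cap else "HIGH",
                           "sustained_oracle_reverts"))
            fired = True
    return sorted(alerts)


def t(hhmm: str) -> datetime:
    return datetime.strptime("2026-03-15 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed inputs. Treating the whole supply as one cluster's position is an
# assumption made to keep the sample small.
SNAPSHOTS = [
    Snapshot(t("11:00"), 12_200_000, 12_200_000),
    Snapshot(t("12:00"), 49_500_000, 49_500_000),
    Snapshot(t("12:42"), 53_200_000, 53_200_000),
]
ATTEMPTS = ([OracleAttempt(t("11:50"), False)]
            + [OracleAttempt(t("11:55") + timedelta(minutes=5 * i), True) for i in range(8)]
            + [OracleAttempt(t("12:32"), False)])

if __name__ == "__main__":
    for ts, severity, rule in evaluate(SNAPSHOTS, ATTEMPTS):
        print(ts.strftime("%H:%M"), severity, rule)
```

On the constructed input the revert-streak rule fires at 12:05, well inside the 37-minute window during which the oracle was not updating.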

Conclusion

The Venus THE incident did not reveal a novel vulnerability. It showed how a known attack vector, executed with patience, can overwhelm a protocol's entire risk stack when each layer assumes the others will hold. Warning signals were visible on-chain for months, yet the gap between detection and intervention remains unresolved. Bridging that gap through liquidity-aware risk parameters, automated circuit breakers, and position-level monitoring is the central lesson this incident leaves for the DeFi lending community.


References

  • [1] Venus Protocol, "$THE Market Incident: Post-Mortem": https://community.venus.io/t/the-market-incident-post-mortem/5712
  • [2] AllezLabs, "Venus Protocol THE Incident Timeline": https://x.com/AllezLabs/status/2033239532355858536
  • [3] hklst4r, "Venus THE Attack Analysis": https://x.com/hklst4r/status/2033192855443808515
  • [4] EmberCN, "Venus THE Attacker Fund Flow": https://x.com/EmberCN/status/2033204517467308144
  • [5] Venus Protocol Liquidation Dashboard (Dune): https://dune.com/xvslove_team/venus-liquidations

About BlockSec

BlockSec is a full-stack blockchain security and crypto compliance provider. We build products and services that help customers perform code audits (including smart contracts, blockchains and wallets), intercept attacks in real time, analyze incidents, trace illicit funds, and meet AML/CFT obligations across the full lifecycle of protocols and platforms.

BlockSec has published multiple blockchain security papers at prestigious conferences, reported several zero-day attacks on DeFi applications, blocked multiple hacks to rescue more than 20 million dollars, and secured billions of dollars in cryptocurrencies.
