Venus Protocol Exploit Results in $3.7M Loss Due to Supply Cap Manipulation

Venus Protocol, a major lending platform on BNB Chain, has fallen victim to a sophisticated attack. The exploit was made possible due to a vulnerability in the protocol's smart contract that allowed an attacker to manipulate the supply cap of the THE token.

The attacker began accumulating THE tokens in June 2025, eventually holding over 14.5 million THE, representing around 84% of the platform's token supply cap. To bypass the usual deposit method, the attacker sent the tokens directly to the Venus contract, allowing them to create a much larger collateral position than intended.

With this large collateral in place, the attacker was able to borrow significant amounts of crypto from the lending pool, including 20 wrapped Bitcoin and over 1.5 million CAKE tokens. The protocol's team responded quickly to the exploit, temporarily pausing borrowing and withdrawals linked to THE while an investigation began.