Venus Protocol Suffers $3.7M Supply-Cap Attack

The Venus Protocol is one of the many DeFi platforms that have been impacted by the rise of sophisticated on-chain exploits. Recently, it was hit by a $3.7M supply-cap attack, which has raised concerns about the resilience of cross-chain DeFi.

The incident began with an irregular activity signal centered on the Thena (THE) pool, prompting an immediate pause on all borrows and withdrawals related to THE. The move is precautionary in nature, aiming to prevent a further spillover while investigators parse the sequence of events that allowed the attacker to capitalize on THE liquidity.

The attacker's approach involved a supply cap attack designed to accumulate a dominant share of THE's on-chain supply in two stages. In parallel, a lending attack was executed, leveraging Theta (CRYPTO: THETA) as collateral. This allowed the attacker to borrow a substantial amount of CAKE (CRYPTO: CAKE), USDC (CRYPTO: USDC), BNB (CRYPTO: BNB), and BTC (CRYPTO: BTC).

The combination of market capture and debt creation appears to have stretched the liquidity of the affected pools and increased risk exposure across Venus' lending market. Public disclosures show that 6.67 million CAKE, 1.58 million USDC, 2,801 BNB, and 20 BTC were among the assets borrowed using Theta as collateral.

At the time of reporting, THE traded around $0.2255, reflecting a material drop as traders digested the security event and its implications for the DeFi stack. The price move aligns with typical market responses to exploit disclosures, where risk premia rise and liquidity pools tighten in the wake of uncertain asset backing.