Attacker Bypassed Supply Cap via Direct Transfer
On March 15, 2026, Venus Protocol — one of the leading lending protocols on BNB Chain — was subjected to a targeted attack that exploited a weakness in the protocol's supply cap system. According to The Defiant, the attacker used the low liquidity of the THENA token (THE) to execute what analysts suspect was a flash loan or price manipulation attack.
Instead of using the ordinary minting process, the attacker transferred THE tokens directly to the vTHE contract. This bypassed supply cap limitations and artificially inflated the internal exchange rate used by the protocol. With the manipulated rate as collateral, it became possible to take out loans far beyond what the actual value of the collateral should have allowed.
Stole 20 BTCB, 200 BNB, and 1.5 Million CAKE
The result of the attack was that the attacker succeeded in borrowing assets totaling approximately $3.7 million. Among the assets withdrawn were 20 BTCB, 200 BNB, and a full 1.5 million CAKE tokens. The protocol estimates it is left with about $2.15 million in defaulted debt after the incident.
THENA itself confirmed to the market that the protocol's own smart contracts were not compromised — the attack vector was exclusively on the Venus side.
Venus Halts Markets and Reduces Collateral Factors
Venus Protocol quickly confirmed «unusual activity» and implemented immediate countermeasures. All lending and withdrawals in the THE and CAKE markets were temporarily halted. In addition, the collateral factor (collateral factor) was set to zero for six other markets: BCH, LTC, UNI, AAVE, FIL, TWT, and lisUSD.
Common to these markets is low liquidity — defined as under $2 billion in market cap, under $100 million in volume, and under $40 million in DEX-TVL — combined with high concentration among individual users (over 60 percent). A full investigation is underway, and the protocol has announced a detailed report as soon as the analysis is complete.
Not the First Time Venus Has Been Hit
This is far from the first time Venus Protocol has been in the spotlight for security vulnerabilities. Back in May 2021, the protocol was hit by a price manipulation of the XVS token, which triggered over $200 million in forced liquidations and resulted in more than $95 million in defaulted debt. At that time, the protocol implemented an extensive nine-month rescue plan, including contributions from Binance.
In February 2025, Venus was again affected by a «donation attack» where the attacker used flash loans to inflate the internal price of the yield-bearing stablecoin wUSDM from $1.06 to $1.70. That incident caused the protocol losses of over $716,000, according to research material.
In September 2025, a single user lost $27 million in a phishing attack targeting Venus users, but the protocol's quick response — with forced liquidation of the attacker's wallet within seven hours — led to the full recovery of the stolen funds.
BNB Chain's DeFi Economy Under Pressure
The incident occurs during a period when BNB Chain's DeFi economy is already under pressure. According to research data, BNB Chain's total TVL had dropped to approximately $5.32 billion in March 2025, down from $8.5 billion in April 2024. Venus Protocol is nevertheless the largest lending protocol on the chain, with $692.6 million in active loans by the end of 2025.
The overall market picture reinforces the concern: Bitcoin is trading at around $73,700, and the Fear & Greed Index notes 23 out of 100 — in extreme fear territory. In such a climate, security vulnerabilities in DeFi protocols can have particularly significant ripple effects on user trust and liquidity.
The attack on Venus is a textbook example of how low liquidity and weak risk parameters can be exploited — not through brute force, but through the protocol's own mechanisms.
What Happens Next?
Venus Protocol has not yet announced a concrete plan for handling the $2.15 million in defaulted debt. Based on previous incidents, it is reasonable to expect that a governance proposal (VIP) will be presented to the community. The investigation report announced by the protocol will be crucial to understanding whether the weakness has been fully closed, or if similar attacks could recur against other low-liquidity markets on the platform.
