Venus Protocol left with roughly $2M in bad debt after exploit manipulates Thena’s THE token price
Venus Protocol incurred about $2.15 million in bad debt after an attacker manipulated the price of Thena's low-liquidity THE token.Summary
Venus Protocol, the largest lending platform on BNB Chain, suffered approximately $2.15 million in bad debt following a price manipulation exploit targeting Thena's native token, THE. The attacker used a classic oracle manipulation loop, depositing THE as collateral, borrowing assets, and using the proceeds to inflate THE's price via TWAP oracles, which was exacerbated by a "donation attack" bypassing supply caps.
On-chain researcher Weilin Li flagged the attack, noting the playbook mirrored the 2022 Mango Markets exploit. While the attacker pumped THE's price from $0.27 to nearly $5, subsequent liquidation pressure caused the price to crash below its pre-attack level, suggesting the attacker may not have profited solely on-chain. The bad debt consists of 1.18 million CAKE and 1.84 million THE tokens.
This incident adds to Venus Protocol's history of losses, including significant bad debt from past XVS token manipulation, the Terra/LUNA collapse, and a previous $700,000 loss via a similar donation attack on its ZKSync deployment. The donation attack vector used was a known vulnerability previously disputed by the Venus team during a security audit.
(Source:The Block)