On March 15, 2026, Venus Protocol, the leading lending platform on the BNB Chain, was the target of a sophisticated attack that exploited the Thena token, known by its ticker, THE. The exploit has raised alarms within the crypto community, particularly concerning the platform’s security measures.
The manipulative attack involved an unprecedented price jump of THE from approximately $0.27 to an astonishing $5. This spike was achieved through a “donation attack,” enabling the attacker to bypass the platform’s operational protocols by depositing tokens directly into the contract rather than the usual deposit methods.
Following the attack, Venus Protocol quickly paused all borrowing and withdrawals related to THE. An investigation revealed that the attacker had amassed a total of 6.67 million CAKE tokens, 1.58 million USDC, 2,801 BNB, and 20 Bitcoin by leveraging the inflated value of THE as collateral. The resulting losses from this exploit are estimated to be about $3.7 million, with the protocol left grappling with roughly $2.15 million in bad debt.
The sudden price manipulation took advantage of the low liquidity of THE on-chain. By depositing THE tokens as collateral, the attacker engaged in a cycle of borrowing and buying more of the token, which pushed its price upwards as the oracle reacted to the inflated valuation.
Interestingly, the attacker initially funded the exploit with around 7,400 ETH sourced from Tornado Cash, a well-known crypto mixing service. However, despite their aggressive strategy, the attacker was forced into liquidation as sell pressure on THE increased, leading to a rapid collapse of the token’s price back down to around $0.24, significantly below its pre-attack value.
In light of these developments, Venus Protocol took to its social media channels to inform users of the unusual activity, reassuring stakeholders that it was actively looking into the incident and would keep the community updated.
Notably, this is not the first time Venus Protocol has found itself in a precarious position due to price manipulation. In 2021, manipulative tactics targeting its XVS token resulted in losses exceeding $95 million. Additionally, the protocol incurred $14 million in bad debt following the notorious Terra/LUNA collapse in 2022, and it was again impacted by a similar donation attack in February 2025, which resulted in over $700,000 in losses.
The attack highlights a known vulnerability in Compound-forked lending protocols, a concern that had originally been flagged in Venus’s security audits. Despite the warning from Code4rena, the team had dismissed the findings at that time, now it raises questions about their security protocols and the oversight in protecting the assets of users.
At the time of writing, THE was trading at $0.2255, reflecting a decline of more than 17% in the last 24 hours. This incident has not only impacted the stakeholders involved but has also reignited discussions about the importance of robust security measures in the rapidly evolving world of decentralized finance.
