The decentralized finance sector is effectively accustomed to lightning-fast exploits, with hackers making off with thousands and thousands within the blink of a watch. Nevertheless, a current assault on Venus Protocol was neither fast, nor worthwhile.
Certainly, the months-long exploit ended with the attacker down $4.7 million… on-chain, a minimum of.
The most recent evaluation of Sunday’s hack from audit agency BlockSec states that “the on-chain picture is more complex” than the widely-reported $3.7 million hack, and that “both the protocol and the attacker ended up losing money.”
254 bots, 8,048 liquidation txs, nonetheless $2.15M in dangerous debt. The attacker misplaced ~$4.7M on-chain. Either side misplaced cash.
— BlockSec Phalcon (@Phalcon_xyz) March 18, 2026
The assault itself was long-planned and concerned accumulating Thena’s THE token over 9 months. Allez Labs’ technical submit mortem describes how the hacker constructed up appreciable THE positions, funded by way of Twister Money.
They then surpassed Venus’ THE provide cap, manipulated the worth of their THE used as collateral, and borrowed property price nearly $15 million towards it.
Nevertheless, BlockSec’s evaluation of the on-chain profit-and-loss discovered that the hacker “invested $9.92 million and retained only ~$5.2 million after all liquidations, an on-chain net loss of ~$4.7 million.”
Regardless of the on-chain loss incurred, their payoff might have come from off-chain positions, reminiscent of centralized alternate accounts.
Venus Protocol itself was left with $2.1 million of dangerous debt as liquidation bots bought THE collateral into skinny liquidity. Allez Labs additionally notes that the assault vector “was flagged in a 2023 Code4rena audit but dismissed as having ‘no negative side effects.’”
One safety researcher claims to have made $15,000 shorting THE while monitoring the exploit.
Venus: Too near the solar
Venus Protocol is the biggest lending platform on BNB Chain (previously Binance Sensible Chain), with $1.45 billion in whole worth locked.
Launched in 2020, it’s seen greater than its justifiable share of bother through the years.
In September, fears of a $27 million hack turned out to be a Venus person falling for a phishing rip-off. The protocol was paused and the person’s place was liquidated to get better the stolen funds.
We’re conscious of the person pockets being drained (good contract is secure) and are actively investigating.
Venus is presently paused following safety protocols. We are going to preserve you all up to date as quickly as we all know extra.
— Venus Protocol (@VenusProtocol) September 2, 2025
A 12 months in the past, the platform incurred $900,000 of dangerous debt “from an oracle manipulation attack that nobody saw coming… except everyone should have.”
The incident’s submit mortem report put the blame on “Mountain’s WUSDM Exchange Rate Oracle.”
In 2023, the protocol braced for the liquidation of $150 million in BNB from 2022’s $600M hack of the BNB Bridge.
Venus was one in all many protocols affected by the fallout of 2022’s LUNA meltdown. It accrued $14 million in dangerous debt when a Chainlink value feed for LUNA bottomed out.
Lastly, volatility on its native token XVS led to $200 million in liquidations and precipitated $90 million in dangerous debt again in 2021.
