Venus Protocol Hit by $3.7M Flash Loan Attack on BNB Chain DeFi Platform

Venus Protocol, a decentralized finance (DeFi) lending platform on BNB Chain, confirmed a $3.7 million exploit on March 15, 2026. Suspicious trading activity was detected in the liquidity pool of the Thena (THE) token, the native cryptocurrency of the Thena decentralized finance platform.  

The unusual trading activity only affected pools for the Cake token, the native cryptocurrency of the PancakeSwap decentralized exchange, and the Thena token. It allowed the attackers to borrow multiple assets from the protocol. 

How did the attack happen? 

According to blockchain data, the attacker used an address 0x1a35…6231 to exploit the system. The attacker had begun the activity months earlier with a slow accumulation of approximately 84% of the supply cap, which is around $14.5 million in tokens. This activity was observed over a period of nine months, starting in June 2025.

The actual exploit took place when the attacker bypassed the normal deposit process and directly transferred the tokens to the protocol contract. It enables them to exceed the supply cap and build a massive 53.2 million THE collateral position, nearly 3.7 times the allowed limit. With the collateral, the attacker had borrowed 6.67 million CAKE tokens, 1.58 million USDC, 2801 BNB – the native token of the BNB chain, and 20 Bitcoin (BTC).

Allez Labs stated that, out of caution, it has temporarily halted borrowing and withdrawals for other tokens with low liquidity on the platform. This has pushed THE price from around $0.263 to nearly $0.563, before the market collapsed to $0.22 during liquidation.

Exploiting A Key Vulnerability 

The attackers exploited a known vulnerability in DeFi lending protocols that includes supply caps and oracle manipulation. They had bypassed supply caps by utilizing a donation mechanism, directly depositing THE tokens into the vTHE contract. This escalated the exchange rate and led the attacker to borrow against a falsely elevated collateral value. 

Venus Protocol acknowledged this incident and stated that they have started the investigation. It also announced precautionary measures. Borrowing and withdrawals of THE have been temporarily paused, and numerous markets that indicated high liquidity concentration, including BCH, LTC, UNI, AAVE, FIL, and TWT. 

The protocols also confirmed that all other markets remain operational and unaffected while the investigation continues. 

DeFi attacks saw a sharp increase 

As of early 2026, DeFi attacks have seen an increase in social engineering and phishing. The total value lost in January 2026 has reached approximately $86 million across 16 major platform hacks and a single social engineering attack on a hardware wallet, resulting in a staggering $282 million loss. 

Attackers are using AI tools to scan and exploit forgotten or unpatched code in older, established code. Phishing scams use fake websites featuring addresses that are nearly identical to legitimate domain names. The fraudulent websites have malware designed to steal private keys or other sensitive information. 

Final Thoughts 

The Venus Protocol attack has awakened the industry and pointed out the long-standing risks in DeFi, many of which were thought to have been resolved. This has also pushed platforms to adopt more sophisticated risk management across the BNB Chain and the broader DeFi ecosystem.