Gate News: On March 19, BNB Chain’s decentralized lending protocol Venus Protocol recently experienced a rare DeFi attack. Unlike previous “flash arbitrage” hacker operations, this attack lasted nine months and ultimately resulted in an on-chain net loss of about $4.7 million for the attacker, sparking renewed market concern over DeFi security mechanisms.
According to blockchain security firm BlockSec, the attacker continuously accumulated THE tokens via Tornado Cash, and after surpassing Venus-related supply limits, manipulated collateral asset prices to borrow nearly $15 million in crypto assets. However, during subsequent liquidations, due to insufficient liquidity, a large amount of collateral was sold off, leaving only about $5.2 million in assets, resulting in a significant loss compared to the approximately $9.92 million cost.
Although on-chain data indicates the attack failed, industry insiders suggest that the attacker may have hedged risks or realized gains through off-chain channels. At the same time, the incident also impacted the protocol itself. Triggered by liquidation mechanisms, Venus Protocol incurred about $2.1 million in bad debt, exposing potential flaws in its risk control and liquidity management.
Notably, Allez Labs revealed that this attack vector had been flagged in a 2023 audit but was not prioritized for fixing due to being assessed as having “limited impact.” This detail highlights the gap between DeFi security audits and actual risks.
As a key lending infrastructure on BNB Chain, Venus Protocol has historically faced multiple black swan events, including oracle manipulation, liquidation cascades, and cross-chain bridge security breaches. Although this attack did not profit the hacker, it further heightened market awareness of systemic risks in DeFi.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Deepfake Call Tricks Cardano Dev, Exposes New Weak Spot
A Cardano developer says a realistic AI deepfake video call led to a laptop breach, a reminder that the next wave of crypto attacks may start with faces and voices rather than smart contracts.
The warning, shared with the Cardano community, describes an incident in which an impostor used
DailyCoin1h ago
French Prosecutors Charge 88 in Crypto Wrench Attack Ring
French authorities have charged 88 individuals, including 10 minors, in connection with kidnappings and extortions targeting cryptocurrency owners, according to a statement from the National Public Prosecutor's Office for Organized Crime (PNACO) released Friday. The charges are tied to 12 ongoing
CryptoFrontier3h ago
When DeFi is too slow for young people and too risky for old money: are we all using Treasury bond interest to shoulder junk bond risk?
DeFi once attracted young people with five-figure APY rates, but it is now seen as overpriced and carrying too much risk. Over the past year, more than $1.62 billion has been stolen, and at one point Aave’s interest rate spiked to 12.4%. The fair yield is about 12.55%, with a retail entry threshold of 18%. Institutional players prefer “strategy-isolated vaults” to reduce tail risk. Conclusion: high leverage is no longer in; in the future, we’ll need higher-risk pricing and insurance tools to accommodate both young people and old money.
ChainNewsAbmedia7h ago
Robinhood Warns of Phishing Emails Sent to Some Customers
Gate News message, April 27 — Robinhood alerted users on social media that some customers received fraudulent emails last Sunday evening claiming to be from noreply@robinhood.com with the subject line "Your recent login to Robinhood."
The phishing attempt stemmed from misuse of the account
GateNews8h ago
Websea Crypto Exchange Faces Suspected Exit Scam, Withdrawal Channels Closed
Gate News message, April 27 — Crypto trading platform Websea has suspended withdrawals and closed its C2C (peer-to-peer) channels, with multiple users reporting the exchange appears to have conducted an exit scam. The platform initially restricted withdrawals before completely shutting down the C2C
GateNews8h ago
RAVE Token Surges 110x in Two Weeks, Then Crashes 98% Amid Market Manipulation Allegations
Gate News message, April 27 — RAVE, the native token of RaveDAO (a Web3-based cultural community project), skyrocketed 110x in two weeks before plummeting 98% over two days on April 19-20, prompting comparisons to the infamous 2007 Lubo stock manipulation scandal in South Korea.
On April 18, RAVE r
GateNews11h ago
