Supply Cap Exploit Drains $3.7M from Venus Protocol Platform
An attacker exploited the decentralized finance platform using Thena tokens to circumvent supply limits, enabling the unauthorized borrowing of multiple cryptocurrencies.
On Sunday, Venus Protocol, a platform operating in the decentralized lending and borrowing space, reported that it had identified irregular trading patterns within the liquidity pool associated with the Thena (THE) token, which serves as the native digital currency for the Thena decentralized finance ecosystem.
According to a statement released by Venus Protocol, the irregular trading patterns were confined to pools involving the Cake (CAKE) token, which is the native digital currency of the PancakeSwap decentralized trading platform, as well as the Thena token. In their official communication, the Venus team stated:
"As we continue to investigate the unusual activity in the THE pool, we are taking precautionary action by pausing all THE borrows and withdrawals effective immediately, to prevent any further misuse. This will remain in effect until the investigation is concluded."
According to Allez Labs, which Venus Protocol has designated as its risk management partner, the irregular trading patterns are believed to represent a supply cap exploit that unfolded across two distinct stages: a gradual acquisition of approximately 84% of the entire THE token market capitalization, combined with an attack on the lending mechanism.
According to Allez Labs, the individual who exploited Venus utilized the Theta token as security to obtain loans totaling 6.67 million CAKE tokens, 1.58 million USDC (USDC), 2,801 BNB (BNB) — which is the native cryptocurrency of the BNB chain — along with 20 Bitcoin (BTC).
As a protective measure, Allez Labs indicated that withdrawals and borrowing capabilities for additional tokens with limited liquidity on the platform were also suspended on a temporary basis. According to Wu Blockchain, the cumulative financial damage from the exploit has now exceeded $3.7 million.
As of this writing, THE was valued at $0.2255 per unit, representing a decline of more than 17% over the previous 24-hour period, based on market data available through CoinMarketCap.com.
Cointelegraph made an attempt to contact Venus Protocol for additional comment but had not received a reply prior to the time this article was published.
The breach underscores the persistent cybersecurity challenges and code vulnerability risks confronting cryptocurrency users and decentralized finance platforms, particularly as the industry continues its expansion and malicious actors develop increasingly advanced techniques that result in significant financial damages.
Monthly crypto losses from hacks fall in February, as attackers pivot to social engineering scams
The financial damage resulting from cryptocurrency-related security breaches declined to $49 million during February, marking the lowest figure recorded in approximately one year, based on data compiled by blockchain security company PeckShield.
While the overall value lost to security breaches and code vulnerabilities decreased throughout February, there was a notable increase in phishing attacks and social engineering schemes targeting cryptocurrency holders.
"The majority of individual attacks targeted private users through phishing attacks, malicious signatures, and address poisoning scams," according to a report from blockchain intelligence platform Nominis.
Phishing schemes frequently employ counterfeit websites that utilize web addresses closely resembling authentic domain names. These deceptive platforms contain malicious software engineered to compromise private keys associated with cryptocurrencies or capture other confidential user information.