Gate News: On March 19, BNB Chain’s decentralized lending protocol Venus Protocol recently experienced a rare DeFi attack. Unlike previous “flash arbitrage” hacker operations, this attack lasted nine months and ultimately resulted in an on-chain net loss of about $4.7 million for the attacker, sparking renewed market concern over DeFi security mechanisms.
According to blockchain security firm BlockSec, the attacker continuously accumulated THE tokens via Tornado Cash, and after surpassing Venus-related supply limits, manipulated collateral asset prices to borrow nearly $15 million in crypto assets. However, during subsequent liquidations, due to insufficient liquidity, a large amount of collateral was sold off, leaving only about $5.2 million in assets, resulting in a significant loss compared to the approximately $9.92 million cost.
Although on-chain data indicates the attack failed, industry insiders suggest that the attacker may have hedged risks or realized gains through off-chain channels. At the same time, the incident also impacted the protocol itself. Triggered by liquidation mechanisms, Venus Protocol incurred about $2.1 million in bad debt, exposing potential flaws in its risk control and liquidity management.
Notably, Allez Labs revealed that this attack vector had been flagged in a 2023 audit but was not prioritized for fixing due to being assessed as having “limited impact.” This detail highlights the gap between DeFi security audits and actual risks.
As a key lending infrastructure on BNB Chain, Venus Protocol has historically faced multiple black swan events, including oracle manipulation, liquidation cascades, and cross-chain bridge security breaches. Although this attack did not profit the hacker, it further heightened market awareness of systemic risks in DeFi.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Litecoin Reorg Undoes MWEB Privacy Layer Exploit
Litecoin underwent a deep chain reorganization on Saturday after attackers exploited a zero-day vulnerability in its MimbleWimble Extension Block (MWEB) privacy layer, according to the Litecoin Foundation. The incident resulted in a three-hour reorg that erased invalid transactions from the
CryptoFrontier3h ago
North Korean IT Workers Laptop Farm Scam: US Co-Conspirator Sentenced to 7–9 Years, Netting $2.8 Billion Over Two Years
Fortune reported that North Korea used laptop farms inside the United States, generating about $2.8 billion in revenue over two years to support nuclear weapons; annual tribute is $250–600 million. The U.S. citizen suspects Kejia Wang and Zhenxing Wang were each sentenced to 7.5 years and 9 years, respectively, for involvement exceeding 100 companies and 80 cases of identity theft. North Korea operated in the U.S. using U.S. identities and fixed devices, with funds mostly being converted via cryptocurrencies. Experts warn that an accomplice network still exists inside the country, and companies must strengthen identity verification, address tracking, and time zone/IP analysis.
ChainNewsAbmedia6h ago
Hong Kong Police Warn of Surge in Crypto Scams; Two Women Lose $1.24M in Recent Weeks
Gate News message, April 25 — Two Hong Kong women lost a combined HK$9.7 million (US$1.24 million) to crypto scammers over recent weeks, prompting local police to issue a public warning. Hong Kong police reported more than 80 fraud cases in a single week, with total losses exceeding HK$80 million (U
GateNews7h ago
Aave Proposes 25,000 ETH for Kelp DAO Exploit Relief Fund
Aave service providers put forth a governance proposal on Friday that would contribute 25,000 ETH worth nearly $58 million from the protocol's DAO to DeFi United, a coordinated relief effort to restore backing for rsETH following the Kelp DAO exploit. The proposed contribution aims to close the rema
CryptoFrontier7h ago
Android Malware Families Target 800+ Banking, Crypto Apps With Near-Zero Detection Rates: Zimperium
Gate News message, April 25 — Cybersecurity firm Zimperium has identified four active malware families—RecruitRat, SaferRat, Astrinox and Massiv—targeting over 800 applications across banking, cryptocurrency and social media sectors. The campaigns employ advanced anti-analysis techniques and
GateNews9h ago
TRADOOR Token Crashes 90% in 30 Minutes Amid Suspected Price Manipulation and Wash Trading
Gate News message, April 25 — TRADOOR token experienced a sharp 90% price crash over 30 minutes at 2:00 AM today, according to on-chain analyst Specter. The token had surged as much as 900% since March 2026 before the sudden collapse, raising suspicions of price manipulation and coordinated
GateNews11h ago
