Post-Mortem of the Venus THE Attack: How to Profit in a Fleeting Window?

marsbitPublished on 2026-03-16Last updated on 2026-03-16

Abstract

Approximately two hours ago, Venus Protocol's THE token was exploited using a classic Mango Markets-style price manipulation attack. The attacker targeted THE, a low-liquidity collateral asset, by depositing it, borrowing other assets, and using those to buy more THE, artificially inflating its price. Once the time-weighted average oracle updated, the inflated price allowed further leveraged borrowing. To bypass THE's borrowing cap, the attacker performed a "donation attack" by transferring THE directly to the vTHE contract, increasing the recognized collateral value. After the first manipulation phase, THE's price stabilized around $0.50. The attacker attempted to further amplify gains by continuing to buy THE, but mounting sell pressure limited price increases and pushed their health factor near 1.0, risking liquidation. The collateral, nominally valued around $30M, had extremely low liquidity, making large-scale liquidation at inflated prices impossible. Recognizing the situation, the writer opened a short position on THE with high leverage, anticipating a price collapse due to overvaluation, illiquidity, and forced selling. After liquidation, THE price plummeted to ~$0.24, below its pre-attack level, resulting in a ~$15K profit for the writer. Venus Protocol was left with ~$2M in bad debt. The attacker likely gained little or lost funds, though may have profited from off-chain positions. The event highlights that nominal collateral value in DeFi does not equal realizabl...

Two hours ago, VenuV's THE token was hit with a classic Mango Markets-style price manipulation attack.

The attacker targeted the low-liquidity collateral THE:

· First, collateralized THE

· Borrowed other assets

· Used the borrowed assets to buy more THE

· Pushed THE price higher

· Waited for the time-weighted average oracle price to update, then obtained higher collateral value and continued the cycle of borrowing.

Due to THE's extremely poor on-chain liquidity, its price was driven from $0.27 to nearly $5. The oracle price subsequently updated to around $0.5 (time-weighted average), giving the attacker room to further amplify leverage.

More critically, THE itself has a supply cap.


Normally, this would limit the attacker's ability to expand their position. But they used a classic old trick to bypass it: the Compound fork donation attack. After depositing a large amount of THE, they directly transferred THE to the vTHE contract, "donating" to further inflate the collateral value recognized by the system and break through the cap.

Attack transaction: 0x4f477e941c12bbf32a58dc12db7bb0cb4d31d41ff25b2457e6af3c15d7f5663f

After the first wave of the attack, THE's price stabilized around $0.5.

At this point, the attacker could have walked away with the borrowed assets. But they clearly wanted to maximize profits, so they continued to use the borrowed assets to buy THE, attempting another pump.

The problem arose: Although the price was abnormally high, selling pressure from the market became extremely intense. The attacker kept buying but could barely push the price higher. Eventually, they almost exhausted their borrowing capacity, and their position's health factor dropped close to 1, nearing liquidation.

By then, the situation was very clear: The attacker's collateral, including their pre-prepared assets and THE bought during the attack, had a nominal value of about 30M. But the core issue with this collateral was—there was simply not enough liquidity to absorb it. Once liquidation began, this THE would be dumped onto the market. And no one in the market could possibly absorb such a large volume at these inflated prices.

So what did I do?

When liquidation started, I directly opened a short position on THE. And this was a position where relatively higher leverage could be applied.

The reason was simple: High valuation, low liquidity, massive passive selling pressure, no buyers.

The outcome was unsurprising: After the liquidation ended, THE's price fell all the way back to around $0.24, even lower than the pre-attack price, because original holders also sold during the process.

I closed my short position here, profiting about 15K.

In the end, Venus was left with about 2M in bad debt.

As for how much the attacker actually profited, I haven't done a complete analysis; but judging from the operations of some addresses, they likely made little to no profit, or even blew themselves up. However, the attacker might still have profited from off-chain perp positions (just like our operation).

Venus's ~2M bad debt address: https://debank.com/profile/0x1a35bd28efd46cfc46c2136f878777d69ae16231

This incident once again demonstrates:


In DeFi, "nominal collateral value" does not equal "liquidation value". When the collateral itself lacks liquidity, the system sees 30M, but the market might only be able to realize a fraction of that.

In 2023, I published a paper titled 'Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems' which provides a detailed mathematical model of this type of attack. Interested readers can refer to: https://dl.acm.org/doi/10.1145/3605768.3623545

Related Questions

QWhat was the core strategy used by the attacker in the Venus THE exploit?

AThe attacker used a price manipulation strategy similar to the Mango Markets attack. They deposited the low-liquidity collateral THE, borrowed other assets, used those assets to buy more THE to drive its price up, waited for the time-weighted average oracle price to update to reflect the inflated value, and then repeated the cycle to gain higher borrowing power.

QHow did the attacker bypass the supply cap limitation on THE?

AThe attacker used a 'donation attack' by directly transferring THE tokens to the vTHE contract after a large deposit. This 'donation' artificially increased the total supply recognized by the system, allowing them to further inflate the collateral value and bypass the supply cap.

QWhy did the author of the article decide to open a short position on THE?

AThe author opened a short position because the attacker's collateral (THE tokens) had an extremely high nominal value but very low liquidity. They anticipated that once liquidation began, the massive sell pressure from the forced selling of these tokens would cause the price to crash dramatically, as there would be no market to absorb such a large volume at the inflated price.

QWhat was the final outcome for the attacker and the Venus protocol?

AThe attacker likely made little to no profit and may have even lost money from their on-chain maneuvers, though they might have profited from off-chain perpetual positions. The Venus protocol was left with approximately $2 million in bad debt.

QWhat key DeFi concept does this event highlight according to the article?

AThe event highlights that 'nominal collateral value' is not the same as 'liquidation value.' When collateral itself lacks sufficient liquidity, the value the system calculates can be vastly higher than the amount the market can actually realize during a liquidation event.

Related Reads

KOL's Perspective: Why Is SOL Set to Rise from This Point?

**Summary: Why SOL is Positioned for Growth at This Level** The article argues that SOL is poised for an upward move from its current price point, citing several key factors. Primarily, SOL has just broken out of a 4-month consolidation phase. This breakout signals a return of risk appetite to the broader crypto market, as SOL is seen as a key indicator of overall crypto health. The token's ownership has reportedly shifted from short-term traders and tourists to long-term accumulators, leading to low volume. Any meaningful increase in trading activity could thus trigger significant upward momentum. Fundamental strengths include strong institutional adoption, integration with DeFi and RWAs (Real-World Assets), and the potential benefits from the Clarity Act. Despite its high volatility—having dropped 70% from its all-time high but still up 12x from its bear market low—SOL is highlighted as one of the few tokens from the last cycle to reach new highs. It boasts a robust ecosystem of applications, users, and protocols. Future catalysts include the expected influx of AI developers following the Miami Accelerate conference, which focused on AI on Solana. Furthermore, Solana is positioned as the premier chain for memecoin activity, a trend expected to continue and drive network usage and fees. The article concludes that recent price action reflects a healthy transfer to long-term holders, setting the stage for growth.

marsbit44m ago

KOL's Perspective: Why Is SOL Set to Rise from This Point?

marsbit44m ago

Those Pre-Bitcoin PoW Protocols Have Recently Been Reimplemented

This article details a recent surge in replicating pre-Bitcoin Proof-of-Work (PoW) protocols, specifically focusing on Hal Finney's 2004 RPOW (Reusable Proofs of Work). Within five days in May 2026, multiple independent builders in the Bitcoin/cypherpunk community launched projects inspired by this early electronic cash proposal. The initiative began with Fred Krueger's `rpow2.com`, a centralized but auditable system that replaced RPOW's original IBM 4758 hardware with Ed25519 signatures. Initially a faithful replica, it later adopted Bitcoin-like features (21M supply cap, difficulty adjustment) and a controversial 5.24% founder allocation. This sparked rapid forks, including `rpow4.com` which incorporated full Bitcoin parameters, a prediction market (`rpowmarket.com`), and a DEX (`rpow2swap.com`). Concurrently, Mike In Space created a prototype of Wei Dai's 1998 b-money proposal (`b-money.replit.app`), pushing the historical exploration even further back. The article contrasts these centralized, server-dependent experiments with Bitcoin's core innovation of decentralized, trustless consensus. It also highlights a parallel development: the `HASH` project on Ethereum, which uses smart contract hooks to enable a purely fair-launch, browser-mineable PoW token with 0% allocations to team or VCs. The collective activity is framed as a meme-driven, educational exploration of cypherpunk history rather than a serious financial movement, with all projects heavily disclaiming any investment value.

marsbit49m ago

Those Pre-Bitcoin PoW Protocols Have Recently Been Reimplemented

marsbit49m ago

South Korean Exchanges 'Battle' Regulators, Challenging the Boundaries of Enforcement and Legislation

South Korea's cryptocurrency industry is engaged in a rare, direct confrontation with regulators. The Financial Intelligence Unit (FIU), the primary anti-money laundering (AML) watchdog, has recently imposed heavy penalties on major exchanges like Upbit and Bithumb for alleged violations involving unregistered overseas VASPs and AML procedures. However, exchanges are now actively challenging these actions in court and through industry associations. In a significant shift, the Seoul Administrative Court ruled in favor of Upbit's operator, Dunamu, overturning part of an FIU-ordered business suspension. The court found the FIU's penalty criteria and justification insufficiently clear. Similarly, the court suspended the enforcement of a six-month business suspension against Bithumb pending a final ruling, citing potential irreversible harm to the exchange. Beyond legal battles, the industry is contesting proposed legislative amendments. The Digital Asset eXchange Alliance (DAXA) strongly opposes a draft rule that would mandate Suspicious Transaction Reports (STRs) for all crypto transfers over 10 million KRW (~$6,800). DAXA argues this "poison pill" clause violates legal principles and would overwhelm the STR system, increasing reports from 63,000 to an estimated 5.45 million annually for major exchanges, thereby crippling effective AML monitoring. This conflict highlights a structural tension in South Korea's crypto governance: comprehensive digital asset laws are still developing, while regulators rely heavily on AML enforcement. The industry's move from passive compliance to active legal and legislative challenges signifies a new phase, pressing for clearer rules and more proportionate enforcement. While short-term disputes may intensify, this clash could ultimately lead to a more mature and sustainable regulatory framework for South Korea's vibrant crypto market.

marsbit1h ago

South Korean Exchanges 'Battle' Regulators, Challenging the Boundaries of Enforcement and Legislation

marsbit1h ago

Earnings Report, CLARITY Bill, and Warsh's Arrival: CRCL Faces Three Major Tests This Week

Circle (CRCL) faces three major tests this week that will significantly impact its stock price and valuation. First, on May 11, it will release its Q1 2026 earnings. Key metrics to watch are overall revenue and EPS, the proportion of revenue paid to distributors like Coinbase, and growth in non-interest income. The market also awaits Circle's stance on renegotiating its revenue-sharing contract with Coinbase, which expires in August. Second, on May 14, the U.S. Senate Banking Committee will vote on the CLARITY Act. This bill aims to establish a clear federal regulatory framework for digital assets. A recent compromise proposal would ban yield on static stablecoin reserves but allow rewards for active ones. Its passage, currently seen as likely by prediction markets, would be a major positive for the industry and Circle. Finally, on May 15, Kevin Warsh will succeed Jerome Powell as Federal Reserve Chair. Warsh's proposed policy of quantitative tightening combined with interest rate cuts could pose a short-term headwind for CRCL, as lower rates reduce Circle's primary revenue from USDC reserves. However, long-term prospects may improve as Warsh, a known crypto investor who opposes a Fed CBDC, is seen as potentially favorable to regulated private stablecoins like USDC.

marsbit1h ago

Earnings Report, CLARITY Bill, and Warsh's Arrival: CRCL Faces Three Major Tests This Week

marsbit1h ago

After 50x Storage Surge, Justin Sun Always Looks to the Next Decade

Sun Yuchen, known for his controversial stunts like a $30 million lunch with Warren Buffett (canceled due to a kidney stone) and eating a $6.2 million duct-taped banana, is often overshadowed by a significant fact: his decade-long track record of spotting major investment trends. In 2016, he famously advised young people to invest in Bitcoin, Nvidia, Tesla, and Tencent instead of buying property. A hypothetical $20,000 investment in Nvidia and Tesla from that list would now be worth over 50 million RMB. His latest major call was on November 6, 2025, predicting a "50x storage opportunity" tied to the AI boom, which materialized with Sandisk's stock surging nearly 50-fold by 2026. Looking ahead, Sun now focuses on the next frontier: Physical AI. He identifies four key areas: 1. **Embodied AI/Robotics**: He sees this reaching its "iPhone moment," with companies like UBTech and Galaxy General leading in commercialization. 2. **Drones**: Viewed as the first commercially viable form of Physical AI, revolutionizing sectors from warfare (e.g., AeroVironment's Switchblade) to logistics. 3. **Spatial Computing**: Beyond VR, it's about AI understanding physical space, a foundational technology for robotics and autonomous systems, exemplified by Apple's Vision Pro. 4. **Space Exploration**: After a 2025 suborbital flight with Blue Origin, Sun advocates for space as the ultimate frontier, discussing blockchain's potential role in space asset management and data transactions. His investment philosophy involves betting on entire, inevitable trends rather than single companies. For robotics, he sees Tesla (the body/manufacturer) and Nvidia (the brain/AI platform) as complementary plays. In defense drones, he highlights companies making tanks obsolete (AeroVironment) and those augmenting fighter jets (Kratos). For space, he participated in Blue Origin's flight and anticipates SpaceX's potential IPO to redefine the sector's valuation. Sun Yuchen's vision frames the next two decades not as a revolution in information flow (like the internet), but in the fundamental operation of the physical world through AI-powered robots, autonomous systems, and spatial intelligence, ultimately extending human and AI activity into space. While many still focus on conventional assets, he continues to look toward the next technological horizon.

marsbit2h ago

After 50x Storage Surge, Justin Sun Always Looks to the Next Decade

marsbit2h ago

Trading

Spot
Futures
活动图片