Venus Protocol Detects $3.7M Supply Cap Attack on THE Pool

TheNewsCryptoPubblicato 2026-03-16Pubblicato ultima volta 2026-03-16

Introduzione

Venus Protocol detected a suspicious trading activity in its THE token liquidity pool on March 15. The incident, identified as a supply cap attack, occurred in two phases. First, the attacker accumulated approximately 84% of the total Thena token market capitalization. Then, they used these holdings as collateral to borrow other assets, including 6.67 million CAKE tokens, 1.58 million USDC, 2,801 BNB, and 20 Bitcoin, resulting in over $3.7 million in losses. Only the CAKE and THE pools were directly affected. In response, Venus halted all THE borrows and withdrawals, as well as those for other low-liquidity tokens. This attack represents a notable protocol-level exploit in DeFi for 2024.

On March 15, Venus Protocol revealed that it has found some suspicious trading activity in its liquidity pool for the Thena (THE) token. For clarification, Venus operates as a lending and borrowing platform, and THE is the native token of the Thena DeFi platform.

Venus has appointed Allez Labs as its risk manager, which stated that the incident seems to be a supply cap attack and it unravelled in two phases. The first phase shows that the attacker gradually collected around 84% of the overall Thena token market capitalisation.

The second phase included the attacker using those holdings as collateral to borrow other assets from the platform. The borrowed assets comprised 6.67 million CAKE tokens, 1.58 million USDC, 2,801 BNB, and 20 Bitcoin, as reported by Allez Labs.

The overall value lost in the attack surpassed $3.7 million, revealed by Wu Blockchain. Only the CAKE and THE pools were directly impacted by the exploit.

The Notable Attack

Venus Protocol replied by halting all THE borrows and withdrawals quickly. The team mentioned in a statement that this will stay in effect until the investigation is taken to end. As an extra precaution, Allez Labs mentioned Venus also shut withdrawals and borrowing for various other low-liquidity tokens on the platform.

The attack is one of the more noteworthy decentralised finance security incidents of this year. The overall losses via crypto hacks slipped to $49 million in February, the lowest monthly figure in around a year, as per the blockchain security company PeckShield.

That slip in hack-associated losses was, although, accompanied by a surge in phishing and social-engineering attacks aiming at individual users.

Nominis, a blockchain intelligence platform, mentioned that a lot of individual attacks in February comprised phishing websites, malicious signature requests, and address poisoning scams made to steal private keys.

The Venus incident shows a different threat category, one aiming protocol-level mechanics instead of individual user credentials.

Highlighted Crypto News Today:

Playnance Partners With KGeN to Expand Web3 Gaming Distribution Network

Domande pertinenti

QWhat type of attack did Venus Protocol detect on its THE pool?

AVenus Protocol detected a supply cap attack on its THE pool.

QWhat was the total value of assets lost in the attack on Venus Protocol?

AThe total value lost in the attack surpassed $3.7 million.

QWhich two token pools were directly impacted by the exploit?

AOnly the CAKE and THE pools were directly impacted by the exploit.

QWhat immediate action did Venus Protocol take in response to the attack?

AVenus Protocol halted all THE borrows and withdrawals, and also shut withdrawals and borrowing for various other low-liquidity tokens on the platform.

QWhat was the first phase of the attack as described by risk manager Allez Labs?

AIn the first phase, the attacker gradually collected around 84% of the overall Thena token market capitalisation.

Letture associate

AI Relay Stations Spark Heated Debate on Zhihu: Behind Cheap Tokens, What Are Users Really Worried About?

A discussion on Zhihu about "AI relay stations" shifted the niche developer topic of "cheap tokens" into broader user awareness. Users moved beyond simply questioning the legitimacy of these services to focus on practical concerns: Where do cheap tokens truly come from? Is the model being accessed the real one? Can relay stations see prompts, code, and API keys? For occasional users, are the risks worth it? The core debate centered less on price and more on trust. A primary worry is model authenticity—the risk of "model swapping," where users paying for a premium model might be routed to a cheaper one, creating an information asymmetry. Others argued that cost comparisons matter; while cheaper than official pay-as-you-go APIs, relay stations may not be the lowest-cost option versus subscriptions, domestic models, or free tiers, making user needs assessment crucial. Speculation about token sources ranged from legitimate bulk discounts to gray-area methods like account sharing or exploiting regional pricing. This opacity makes risk assessment difficult for users. Data security emerged as a critical concern, especially for enterprise use. When processing sensitive information like code, contracts, or client data, the inability to verify a relay station's data handling, retention, or access policies poses significant compliance and confidentiality risks. The evolving consensus suggests relay stations can be used cautiously for low-sensitivity, disposable tasks (e.g., summarizing public info, simple translation). However, they should not be the default for sensitive, professional, or production workflows involving proprietary data, Agents, or automated systems. Recommendations include avoiding large prepayments, not relying on a single service, using test prompts to monitor quality, anonymizing data where possible, and keeping official channels as backups. Ultimately, the discussion framed tokens not just as a billing unit but as a measure of real cost encompassing price, model integrity, data security, and service stability. The popularity of relay stations highlights user demand for affordable access, but the debate underscores a key trade-off: the savings from cheap tokens may come at the price of trust, transparency, and control over one's data and AI experience.

marsbit15 min fa

AI Relay Stations Spark Heated Debate on Zhihu: Behind Cheap Tokens, What Are Users Really Worried About?

marsbit15 min fa

In-Depth Research Report on TradFi: The Convergence Wave of Crypto and Traditional Finance

In 2026, the crypto industry is undergoing a profound infrastructure-level transformation—TradFi assets are migrating on-chain at an unprecedented pace. According to CoinGecko's Q1 2026 report, the total value locked (TVL) of tokenized real-world assets (RWA) has surpassed $31 billion, a nearly 4x increase from $7.8 billion at the beginning of 2025, with the sector’s aggregate market capitalization reaching $19.3 billion. Among these, the market cap of tokenized stocks surged from $2 million to $486 million, with Q1 spot trading volume reaching $15.1 billion—a single quarter already surpassing the entire second half of 2025. RWA perpetual contract Q1 trading volume reached a staggering $524.8 billion, far exceeding the $313 billion for all of 2025. Meanwhile, BlackRock's BUIDL fund has reached $2.3 billion in scale and has filed for two new tokenized funds, signaling that the world's largest asset manager's tokenization strategy is evolving from pilot to product suite expansion. HTX, as a core participant in the crypto exchange sector, officially launched TradFi perpetual futures products including NVDA, AAPL, MSFT, META, and SPY in 2026, enabling crypto users to gain 24/7 trading access to core U.S. equities. Boston Consulting Group predicts that global tokenized asset scale could reach $16 trillion by 2030, while McKinsey offers a conservative estimate of approximately $2 trillion. The on-chain migration of TradFi assets is no longer a "future narrative" but a structural transformation unfolding in real time, as crypto exchanges evolve from single crypto asset trading platforms toward "multi-asset-class trading infrastructure."

HTX Learn17 min fa

In-Depth Research Report on TradFi: The Convergence Wave of Crypto and Traditional Finance

HTX Learn17 min fa

Blockchain Association Urges Senate To Pass CLARITY Act With Letter Backed By 160 Ex-Officials

The Blockchain Association, along with 160 former national security and law enforcement officials, has urged Senate leaders to pass the CLARITY Act. They argue that without clear federal regulation, crypto activity will move to opaque offshore markets, hindering U.S. efforts to combat financial crime. The letter highlights that the Act would strengthen law enforcement by expanding anti-money laundering and sanctions requirements under the Bank Secrecy Act, improving information sharing between agencies like the Treasury, DOJ, and FBI, and enhancing oversight of digital asset kiosks with measures like transaction monitoring and fraud prevention. The Association emphasizes these are enforcement enhancements, not deregulation. Momentum for the bill is building, with a Senate vote expected this summer, though it would still need reconciliation with a previously passed House version.

bitcoinist24 min fa

Blockchain Association Urges Senate To Pass CLARITY Act With Letter Backed By 160 Ex-Officials

bitcoinist24 min fa

Blocked Its Own Treasure, WeChat AI Steps Up

Tencent's stock surged over 10% on June 2nd amid reports that WeChat, with 1.43 billion monthly users, is finalizing tests for a native AI Agent. The reported feature, accessible by swiping right from the main interface, allows users to issue commands in natural language. The AI then decomposes tasks and automatically calls upon relevant Mini Programs within WeChat to complete actions like ordering food, booking tickets, or making payments, creating a closed-loop service execution system. This strategic shift follows the internal conflict and subsequent "blocking" of Tencent's standalone AI app, Yuanbao, by WeChat for violating sharing rules during a 2026 Spring Festival promotion. The incident highlighted a lack of internal consensus and exposed the weakness of competing in the standalone AI assistant arena against rivals like ByteDance's Doubao (345M MAU) and Alibaba's Qianwen. The new WeChat AI Agent aims to leverage WeChat's unique assets—its massive user base, standardized Mini Program APIs, WeChat Pay, and identity system—to move from simple content generation to actual task execution. Analysts note this changes the competitive landscape from model benchmarks to which AI can connect to more real-world services. However, success depends on key variables: the capability of Tencent's underlying Hunyuan model, managing massive inference costs, and redesigning incentives for Mini Program developers whose traffic might be bypassed. The move is seen as an attempt to keep user service intent within WeChat's ecosystem as AI begins to redefine how users access services.

marsbit1 h fa

Blocked Its Own Treasure, WeChat AI Steps Up

marsbit1 h fa

ByteDance Adopts Arm CPUs, Jensen Huang: So Sad I Didn't Buy Arm

**Summary:** At Computex 2026, Arm CEO Rene Haas announced that ByteDance and Oracle have adopted Arm's self-designed Arm AGI data center CPU. The company expects significant revenue growth from this product, projecting $20 billion in demand for the 2027/2028 fiscal years. Haas noted that restricting AI-capable CPUs from the US to China is nearly impossible due to their widespread applications. Arm's stock has surged dramatically this year, notably rising 16% after NVIDIA's Arm-based Vera CPU and RTX Spark announcements. A highlight was the informal, humorous on-stage conversation between Haas and NVIDIA CEO Jensen Huang. Huang joked about NVIDIA's failed attempt to acquire Arm and playfully lamented selling his Arm shares. Both executives showed a clear sense of camaraderie and shared regret over the missed merger. Key technical topics were discussed: 1. **AI PC Design:** Huang explained NVIDIA's RTX Spark superchip (with a 20-core Arm CPU) is designed for future AI agents that will autonomously run and use tools on PCs, blending local and cloud processing. 2. **Agent vs. OS:** Huang emphasized the operating system remains crucial, as AI agents rely on its APIs and tools to function. 3. **Growth Constraints:** He identified the shift to "useful AI" that generates profitable tokens as a primary driver for immense, almost limitless, computational demand. Haas outlined Arm's strategy across PC and data centers. For PCs, Arm collaborates with partners like NVIDIA and MediaTek, offering its compute subsystem (CSS) for custom SoCs. In data centers, its Arm AGI CPU (built on TSMC's 3nm process) has gained major partners including OpenAI, Meta, and now ByteDance and Oracle. Arm presented a multi-year roadmap for its in-house CPU line. The article concludes that while GPUs dominated the AI training race, the explosion of AI agents is shifting significant focus to CPUs for inference, state management, and tool orchestration. The industry is trending towards vertical integration, with companies like cloud providers designing chips and chip/IP firms offering full solutions, all competing to deliver more efficient computing per watt.

marsbit1 h fa

ByteDance Adopts Arm CPUs, Jensen Huang: So Sad I Didn't Buy Arm

marsbit1 h fa

Trading

Spot

Futures