Venus Protocol Detects $3.7M Supply Cap Attack on THE Pool

TheNewsCryptoОпубликовано 2026-03-16Обновлено 2026-03-16

Введение

Venus Protocol detected a suspicious trading activity in its THE token liquidity pool on March 15. The incident, identified as a supply cap attack, occurred in two phases. First, the attacker accumulated approximately 84% of the total Thena token market capitalization. Then, they used these holdings as collateral to borrow other assets, including 6.67 million CAKE tokens, 1.58 million USDC, 2,801 BNB, and 20 Bitcoin, resulting in over $3.7 million in losses. Only the CAKE and THE pools were directly affected. In response, Venus halted all THE borrows and withdrawals, as well as those for other low-liquidity tokens. This attack represents a notable protocol-level exploit in DeFi for 2024.

On March 15, Venus Protocol revealed that it has found some suspicious trading activity in its liquidity pool for the Thena (THE) token. For clarification, Venus operates as a lending and borrowing platform, and THE is the native token of the Thena DeFi platform.

Venus has appointed Allez Labs as its risk manager, which stated that the incident seems to be a supply cap attack and it unravelled in two phases. The first phase shows that the attacker gradually collected around 84% of the overall Thena token market capitalisation.

The second phase included the attacker using those holdings as collateral to borrow other assets from the platform. The borrowed assets comprised 6.67 million CAKE tokens, 1.58 million USDC, 2,801 BNB, and 20 Bitcoin, as reported by Allez Labs.

The overall value lost in the attack surpassed $3.7 million, revealed by Wu Blockchain. Only the CAKE and THE pools were directly impacted by the exploit.

The Notable Attack

Venus Protocol replied by halting all THE borrows and withdrawals quickly. The team mentioned in a statement that this will stay in effect until the investigation is taken to end. As an extra precaution, Allez Labs mentioned Venus also shut withdrawals and borrowing for various other low-liquidity tokens on the platform.

The attack is one of the more noteworthy decentralised finance security incidents of this year. The overall losses via crypto hacks slipped to $49 million in February, the lowest monthly figure in around a year, as per the blockchain security company PeckShield.

That slip in hack-associated losses was, although, accompanied by a surge in phishing and social-engineering attacks aiming at individual users.

Nominis, a blockchain intelligence platform, mentioned that a lot of individual attacks in February comprised phishing websites, malicious signature requests, and address poisoning scams made to steal private keys.

The Venus incident shows a different threat category, one aiming protocol-level mechanics instead of individual user credentials.

Highlighted Crypto News Today:

Playnance Partners With KGeN to Expand Web3 Gaming Distribution Network

TagsHackHack AttackVenus

Связанные с этим вопросы

QWhat type of attack did Venus Protocol detect on its THE pool?

AVenus Protocol detected a supply cap attack on its THE pool.

QWhat was the total value of assets lost in the attack on Venus Protocol?

AThe total value lost in the attack surpassed $3.7 million.

QWhich two token pools were directly impacted by the exploit?

AOnly the CAKE and THE pools were directly impacted by the exploit.

QWhat immediate action did Venus Protocol take in response to the attack?

AVenus Protocol halted all THE borrows and withdrawals, and also shut withdrawals and borrowing for various other low-liquidity tokens on the platform.

QWhat was the first phase of the attack as described by risk manager Allez Labs?

AIn the first phase, the attacker gradually collected around 84% of the overall Thena token market capitalisation.

Похожее

Understanding x402 and MPP: Two Approaches to Agent Payments

Stripe's MPP and x402 represent two competing approaches to enabling machine-to-machine payments, both leveraging the long-dormant HTTP 402 status code ("Payment Required"). x402, led by Coinbase, is a minimalist protocol that embeds payment directly into HTTP requests. It requires no accounts, API keys, or intermediaries. A server returns a 402 response with payment details; the client pays on-chain and resubmits the request with a proof. It's open-source, chain-agnostic (currently supporting Base, Polygon, Solana), and designed for open, permissionless systems. However, current usage is low, with small microtransactions. MPP, developed by Stripe and Tempo, is a full-stack solution built for high-frequency agent transactions. Its core innovation is sessions, allowing an agent to pre-authorize a spending limit and make numerous micro-payments within it without repeated on-chain transactions. It runs on the Tempo blockchain, optimized for high throughput and sub-second confirmations. Crucially, it integrates with Stripe's existing compliance, risk, and fiat infrastructure, including support for credit cards via Shared Payment Tokens (SPTs). While x402 offers simplicity and decentralization, MPP provides scalability and enterprise-grade features. Stripe supports both, aiming to capture agent payment flows regardless of the underlying protocol. The ecosystem is still experimental, but major players like Google, Visa, and Anthropic are involved. The choice depends on the use case: x402 for open, long-tail applications, and MPP for commercial, high-volume scenarios.

marsbit24 мин. назад

Understanding x402 and MPP: Two Approaches to Agent Payments

marsbit24 мин. назад

The Use of Humans: Agentic Wallet and the Next Decade of Wallets

The article "The Use of Humans: Agentic Wallet and the Next Decade of Wallets" discusses the evolution of digital wallets in the age of AI agents. It argues that as software users shift from humans to autonomous agents, traditional wallet security models—relying on human confirmation, signatures, and private key management—become inadequate. The core proposition is that Agentic Wallets must serve two masters: humans, who set rules and retain ultimate control, and agents, which require constrained autonomy to execute transactions efficiently. The wallet thus evolves from a simple asset container into a permission and execution system that allows agents to operate within predefined boundaries (e.g., budget limits, approved assets, whitelisted addresses). The article identifies key challenges: current wallets are designed for human interaction, not agentic speed and scale. It outlines four tiers of agent autonomy—from human-controlled to fully autonomous—and emphasizes "bounded autonomy" as the pragmatic near-term solution. A four-layer architecture is proposed: account isolation, permission rules, execution primitives for agents, and governance tools (logging, alerts, veto mechanisms). Critical enabling technologies include standardized Skills (for链上 operations), policy engines, session keys for limited delegation, and audit trails. Current solutions from players like Coinbase, Safe, Privy, and Polygon are noted, but face gaps in portable identity/reputation, unified policy standards, adversarial security (e.g., prompt injection), and cross-chain functionality. The future direction involves a "Wallet Policy Plane" that sits between agent intent and on-chain execution, performing real-time policy checks, risk scoring, and identity verification—akin to Stripe's payment infrastructure. Ultimately, the wallet's role shifts from a front-end gatekeeper to an embedded control layer enabling secure, scalable agentic economies.

marsbit46 мин. назад

The Use of Humans: Agentic Wallet and the Next Decade of Wallets

marsbit46 мин. назад

ZANO targets $17 after 73% surge – Should traders wait for a dip?

ZANO experienced a significant 73% price surge in a week after testing its long-term demand zone at $5.5-$6.0. While the weekly chart suggests a potential rally toward the range highs at $17.2 over the next few months, short-term indicators show signs of overextension. The 4-hour chart reveals a divergence in OBV and an overbought MFI, indicating a possible retracement. Traders may find a buying opportunity if the price dips to the $8.1-$9.2 support region, a high-volume node that could serve as a consolidation area. A drop below $8.1 wouldn't invalidate the bullish weekly structure but could offer a better entry point for long positions.

ambcrypto52 мин. назад

ZANO targets $17 after 73% surge – Should traders wait for a dip?

ambcrypto52 мин. назад

Must-Follow Next Week|Polymarket to Announce Major News Next Monday; Backpack TGE on March 23 (3.23-3.29)

The following is a summary of key events scheduled for the week of March 23-29, 2026. **March 23:** * **Polymarket** is set to announce major news, speculated to be related to a token launch or funding round. * **Backpack** will conduct its Token Generation Event (TGE). * The U.S. SEC may begin processing **Morgan Stanley's Bitcoin ETF** application. * Cboe plans to launch the **BITVX** volatility index, based on iShares Bitcoin Trust (IBIT) options. * **NilChain** will cease operations; NIL token holders must migrate to Ethereum. * **Binance** will list the PAYPUSDT stock perpetual contract. **March 25:** * The U.S. House Financial Services Committee will hold a hearing on **tokenization**. * **Metaplanet** will hold its annual shareholders meeting. **March 26:** * A proposal to distribute ~70 million **USDS** to Sky Agents may be executed. * U.S. weekly initial jobless claims data will be released. **March 27:** * Federal Reserve Vice Chair **Jefferson** is scheduled to speak. * **Bithumb** will delist Neiro (NEIRO). **March 28:** * **Linea** will update its Terms of Service to prepare for the launch of its Yield Boost feature. **Other Events (Date TBD):** * Elon Musk announced that **X Platform** will release a major open-source update to its AI algorithm next week. * **Starknet** will launch the **STRK20** testnet next week, with a mainnet release planned for late April. STRK20 aims to provide token-level privacy for assets on the network.

marsbit1 ч. назад

Must-Follow Next Week|Polymarket to Announce Major News Next Monday; Backpack TGE on March 23 (3.23-3.29)

marsbit1 ч. назад

CertiK Test: How the Vulnerable OpenClaw Skill Bypassed Review and Took Over Computers Without Authorization

CertiK's latest research reveals critical security vulnerabilities in OpenClaw's third-party Skill ecosystem. Despite OpenClaw's three-layer review system—including VirusTotal scanning, static code analysis, and AI logic checks—malicious Skills can easily bypass these safeguards. CertiK demonstrated this by developing a seemingly benign "test-web-searcher" Skill that contained a hidden remote code execution vulnerability. It was approved without warnings, allowing unauthorized command execution on the host machine (e.g., launching system calculators via Telegram commands). The core issue is the industry’s overreliance on pre-release scans rather than runtime isolation and strict permission controls. Unlike iOS’s mandatory sandboxing, OpenClaw’s sandbox is optional and often disabled by users for functionality, leaving systems exposed. CertiK urges developers to enforce mandatory sandboxing and granular permissions for Skills, and advises users to deploy OpenClaw on isolated devices away from sensitive data or assets. The study underscores that scanning alone cannot secure high-permission AI agents; runtime isolation and damage containment are essential for safety.

marsbit1 ч. назад

CertiK Test: How the Vulnerable OpenClaw Skill Bypassed Review and Took Over Computers Without Authorization

marsbit1 ч. назад

Торговля

Спот
Фьючерсы
活动图片

Популярные категорииright-arrow

Популярные тегиright-arrow