The Venus Protocol was hit by a code exploit, causing more than $3.7 million in losses.
Venus Protocol, a decentralized lending and lending platform, said on Sunday that it has detected suspicious trading activity in the liquidity pool for Thena (THE) token, the native cryptocurrency of decentralized finance platform Thena.
The unusual trading activity only affected the CAKE token, Pancake Swap's decentralized exchange native cryptocurrency, and the Thena token pools, according to the Venus Protocol announcement. The Venus team said:
“While we continue to investigate the unusual activity in the pool, we are taking precautionary measures to prevent any abuse by immediately stopping all loans and withdrawals. This will remain in effect until the investigation is complete.”
The suspicious trading activity is believed to be a two-stage supply cap attack: a fixed deposit of about 84% of the total token market capitalization, combined with a credit attack, by Alez Labs, which is identified as the Venus Protocol risk manager.
The Venus exploit used the Thena token as collateral to borrow 6.67 million Cake tokens, 1.58 million USDC (USDC), 2,801 BNB (BNB) – the native token of the BNB Chain – and 20 Bitcoin (BTC), Alez Labs said.
As a precaution, withdrawals and loans to other tokens with less liquidity on the platform have been temporarily halted, Alez Labs said. According to Wu Blockchain, more than $3.7 million was lost in the attack.
At the time of publication, THE was trading at $0.2255, down more than 17% in the last 24 hours, according to pricing data on CoinMarketCap.com.
Cointelegraph reached out to Venus Protocol but did not receive a response as of press time.
The incident highlights the cyber security and code exploitation risks faced by crypto users and decentralized finance platforms as the sector continues to grow and security threats that lead to financial losses become increasingly sophisticated.
Related: February Crypto Losses Hit Lowest Since March 2025, PeckShield Says
Monthly crypto hacking losses fall in February as attackers turn to social engineering scams
The value of data lost in crypto-related hacks fell to $49 million in February, the lowest level in a year, according to blockchain security firm PeckShield.
While total value lost due to hacking and exploits decreased in February, phishing and social engineering scams increased.
According to a report by blockchain intelligence platform Nominis, “Most individual attacks target private users through phishing attacks, malicious signatures, and address poisoning scams.”
Phishing scams often use fake websites, with addresses that look similar to legitimate domain names. These scam websites are malware designed to steal cryptocurrencies or other confidential information.
Magazine: ‘SEAL 911' White Hat Team Formed To Fight Crypto Hackers In Real Time
