Key Highlights
- Venus Protocol paused key markets after a supply cap attack inflated $THE beyond 3.5× its limit.
- Attackers exploited low liquidity and recursive borrowing, spiking $THE price before a sharp collapse.
- February crypto losses fell to $49.3M, but human and operational risks like phishing still threaten users.
Venus Protocol, the decentralized lending platform on BNB Chain, faced a critical supply cap attack, forcing the immediate pause of several markets. The project’s risk manager, AllezLabs, detailed the breach on X, explaining that the Core Pool’s $THE asset was manipulated.
“Our risk manager AllezLabs shares what we know so far. We will continue to provide updates as our investigation progresses,” Venus Protocol stated. Markets for $BCH, $LTC, $UNI, $AAVE, $FIL, and $TWT also paused due to high liquidity concentration. Other Venus markets continue normal operations.
The attacker carefully planned the move over months, slowly gathering 84% of the 14.5 million $THE supply cap starting in June 2025. Instead of following normal deposit steps, they sent tokens directly to the protocol, bypassing the usual checks. This allowed them to massively exceed the supply limit, ultimately holding 53.2 million $THE—more than three and a half times the allowed cap.
AllezLabs explained the timeline: “11:00 UTC – 12.2M THE supplied (84% of cap, within limits) … 12:42 UTC – 53.2M THE (367% of cap) – just before liquidation.”
Exploitation and market impact
After building up massive collateral, the attacker took advantage of low liquidity on the chain. They repeated a cycle: deposit $THE, borrow other assets, buy more $THE, wait for the oracle to update, and do it again.
This drove the $THE price from around $0.27 to nearly $0.53 before it collapsed to $0.24 after liquidation. As of writing, THENA was trading at $0.213809 with a 24-hour trading volume of $333,341,397. The token is down 22.96% in the last 24 hours, according to CoinMarketCap.
At the attack’s peak, the position held 6.67M CAKE, 2,801 BNB, 1.97K WBNB, 1.58M USDC, and 20 BTCB. Another related account borrowed 4.63M $THE but was liquidated shortly after.
To stop further damage, Venus Protocol and its security partners paused the affected markets immediately. Investigations are ongoing, and a full post-mortem with improvements to oracles and supply caps is expected soon.
Crypto security trends in February 2026
Crypto losses dropped sharply in February, totaling about $49.3 million, down from $385 million in January, according to blockchain intelligence firm Nominis. Despite the improvement, attacks still exposed weaknesses in protocols and user practices.
Step Finance lost $30 million after private keys were compromised, while CrossCurveFi suffered a $3 million loss from a smart contract exploit. Phishing scams, exposed seed phrases, and attacks on fintech systems continued to put users at risk. Law enforcement also recovered $6.1 million tied to “pig-butchering” scams, showing that human and operational vulnerabilities remain a major concern.
However, aside from technical issues, February also underscored the importance of human vigilance and operational security. The recent exploit by Venus Protocol shows how well-executed attacks can evade even robust security measures should protocols and liquidity not be actively monitored by developers.
Also Read: BlockFills Files Chapter 11 With Up to $500M Liabilities After Liquidity Crunch
