Venus Protocol Halts Operations Amidst Sophisticated Supply Cap Attack, Losing Over $3.7 Million

Venus Protocol, a prominent decentralized lending and borrowing platform, announced on Sunday the detection of suspicious trading activity within the liquidity pool for the Thena (THE) token, the native cryptocurrency of the Thena decentralized finance platform. The unusual trading pattern, which specifically targeted pools involving the Cake (CAKE) token, the native cryptocurrency of the PancakeSwap decentralized exchange, and the Thena token, prompted Venus Protocol to take immediate precautionary measures.

In a statement, the Venus team confirmed the ongoing investigation into the anomalous activity in the THE pool. To mitigate any further potential misuse, they announced the immediate pausing of all THE borrows and withdrawals, a measure that will remain in effect until the investigation is concluded. This decisive action underscores the platform’s commitment to safeguarding user assets and maintaining the integrity of its operations in the face of evolving threats.

The suspicious trading activity is widely suspected to be a meticulously executed supply cap attack, a complex exploit that unfolded in two distinct phases. According to Allez Labs, Venus Protocol’s designated risk manager, the attack involved a calculated accumulation of approximately 84% of the total THE token market cap. This was followed by a subsequent lending attack, a strategy designed to leverage the accumulated tokens for illicit gains.

The perpetrator of this attack utilized Thena tokens as collateral to illicitly borrow substantial amounts of other cryptocurrencies. Allez Labs detailed that the exploiter successfully obtained 6.67 million CAKE tokens, 1.58 million USDC (USDC), 2,801 BNB (BNB) – the native token of the BNB Chain – and 20 Bitcoin (BTC). The scale of these borrowed assets highlights the sophisticated nature of the attack and the significant potential for financial loss.

In a broader move to enhance security and prevent cascading effects, Allez Labs also reported that withdrawals and borrowing for other tokens with low liquidity on the Venus Protocol platform were temporarily halted as a precautionary measure. The cumulative financial impact of this attack has been estimated by Wu Blockchain to exceed $3.7 million.

At the time of reporting, the Thena (THE) token was experiencing a significant price depreciation, trading at $0.2255 per token, reflecting a decline of over 17% in the preceding 24 hours, according to data from CoinMarketCap.com. This price drop serves as a stark indicator of the market’s reaction to the security incident and its potential impact on investor confidence.

Cointelegraph reached out to Venus Protocol for further comment but had not received a response by the time of publication.

This incident serves as a potent reminder of the persistent cybersecurity and code exploit threats that plague the rapidly growing cryptocurrency and decentralized finance (DeFi) sectors. As these platforms evolve and expand, so too do the sophistication and methods employed by malicious actors seeking to exploit vulnerabilities and cause financial harm. The increasing complexity of these security threats necessitates continuous vigilance and robust defense mechanisms from all participants in the digital asset ecosystem.

In a related development, blockchain security firm PeckShield reported a notable decline in the total value lost to crypto-related hacks and exploits in February. The figure for February stood at $49 million, marking the lowest monthly loss in nearly a year. This reduction in financial losses from large-scale hacks and code exploits, however, was accompanied by an observed uptick in phishing and social engineering scams targeting individual users.

A report from blockchain intelligence platform Nominis further elaborated on this trend, indicating that the majority of individual attacks in February were directed at retail users through various fraudulent schemes. These included phishing attacks, malicious signature requests, and address poisoning scams, all designed to trick users into divulging sensitive information or authorizing fraudulent transactions. Phishing scams, in particular, often involve the creation of deceptive websites that mimic legitimate platforms, employing domain names that are nearly identical to their genuine counterparts. These fraudulent sites are frequently equipped with malware intended to steal private keys for cryptocurrencies or other critical personal data.

The ongoing evolution of attack vectors, from complex DeFi exploits to more insidious social engineering tactics, underscores the critical need for enhanced security awareness and robust protective measures across the entire cryptocurrency landscape. The industry continues to grapple with balancing innovation and accessibility with the paramount requirement of user security and asset protection.