The latest exploit on Venus Protocol adds another chapter to its long history of security incidents, but this time the story is less about a sudden breach and more about a vulnerability that was seen, documented, and ultimately ignored. On March 15, 2026, an attacker executed a carefully planned price manipulation attack on the BNB Chain, extracting millions in borrowed assets after spending nine months quietly building a dominant position in the THE token market.
The attacker accumulated roughly 84% of the supply cap for THE before bypassing protocol limits using a “donation attack.” By directly transferring tokens into the contract instead of using the standard deposit function, they inflated the collateral value without triggering supply cap checks. This manipulation allowed them to borrow against an artificially boosted position, looping the process multiple times while pushing the token price upward through thin liquidity.
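
The accounting gap described above, as a simplified Python model added here for illustration; it is not Venus's contract code. The `Token` and `Market` classes, the `track_cash` switch, the `surplus()` check and all amounts are constructed assumptions, and borrowing, interest and the price oracle are left out.

```python
# Simplified model of a share-based lending market (constructed; not Venus's code).

class Token:
    def __init__(self, balances):
        self.bal = dict(balances)

    def transfer(self, src, dst, amount):
        if self.bal.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.bal[src] -= amount
        self.bal[dst] = self.bal.get(dst, 0) + amount

class Market:
    ADDR = "market"  # hypothetical address of the market contract

    def __init__(self, token, supply_cap, track_cash):
        self.token, self.supply_cap, self.track_cash = token, supply_cap, track_cash
        self.internal_cash = 0  # underlying received through mint() only
        self.shares, self.total_shares = {}, 0

    def cash(self):
        # Vulnerable form trusts the raw token balance; hardened form uses its own ledger.
        return self.internal_cash if self.track_cash else self.token.bal.get(self.ADDR, 0)

    def mint(self, user, amount):
        # The supply cap is checked here, and only here.
        if self.cash() + amount > self.supply_cap:
            raise ValueError("supply cap exceeded")
        minted = amount if self.total_shares == 0 else amount * self.total_shares // self.cash()
        self.token.transfer(user, self.ADDR, amount)
        self.internal_cash += amount
        self.shares[user] = self.shares.get(user, 0) + minted
        self.total_shares += minted

    def collateral(self, user):
        # Underlying value of a user's shares at the current exchange rate.
        held = self.shares.get(user, 0)
        return held * self.cash() // self.total_shares if self.total_shares else 0

    def surplus(self):
        # Tokens held but never minted against: a signal worth alerting on.
        return self.token.bal.get(self.ADDR, 0) - self.internal_cash

def run(track_cash):
    token = Token({"alice": 3000})               # constructed amounts
    m = Market(token, supply_cap=1000, track_cash=track_cash)
    m.mint("alice", 840)                         # 84% of the cap, via the normal path
    token.transfer("alice", Market.ADDR, 2000)   # direct transfer: mint() never runs
    return m.collateral("alice"), m.surplus()
```

With `track_cash=False` the depositor's collateral is valued at 2840 against a cap of 1000; with `track_cash=True` it stays at 840, and the 2000 unaccounted tokens show up only in `surplus()`, which is the value a monitor would watch.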
As the price surged, the attacker leveraged the inflated collateral to borrow assets including stablecoins and major tokens. Although Venus’s oracle system initially resisted the manipulation, it eventually adjusted as prices converged across sources, enabling further borrowing. At its peak, the position held tens of millions in nominal collateral, but this value proved illusory once liquidation began. When the market reversed, the inflated position collapsed, leaving Venus Protocol with approximately $2.15 million in bad debt.
What makes the incident more striking is that the core vulnerability was not new. The same donation attack vector had been identified in a 2023 audit but was dismissed as having “no negative side effects.” A similar exploit had already occurred on Venus’s ZKSync deployment in 2025, resulting in losses that the protocol absorbed without fully addressing the root cause. Despite these warnings, the underlying issue remained unpatched on BNB Chain.
Interestingly, the attacker may not have profited significantly on-chain. While over $5 million in assets were extracted, the cost of building the position and the eventual liquidation suggest minimal or even negative returns. Analysts speculate that profits may have been realized off-chain through short positions, where the attacker could benefit from the sharp price collapse that followed the manipulation.
For Venus Protocol, however, the outcome is clear. Another exploit, another round of bad debt, and another post-mortem promising fixes. The incident highlights a recurring pattern in DeFi where known vulnerabilities persist not because they are undiscovered, but because they are deprioritized. As similar architectures continue to power multiple protocols, the real question is not whether this attack will happen again, but where.





