Attacker’s Alleged Strategy and On-Chain Flow
Approximately 7,400 ETH was transferred to the attacker’s address through the Tornado Cash privacy mixer. The funds were then used to borrow roughly $9.92 million in stablecoins via Aave, which were distributed across multiple wallets to purchase large volumes of $THE.
The attacker reportedly accumulated significant amounts of $THE over time, at one point controlling as much as 84% of the token’s supply according to some estimates. The token’s price was then allegedly pushed higher on centralized exchanges before more than 36.1 million $THE tokens were deposited as collateral into Venus Protocol.
This allowed the attacker to borrow approximately $5.07 million worth of assets (with some community estimates placing the figure around $3.7 million), including 2,172 BNB, 1.516 million CAKE, and 20 BTC.
Price Crash and Liquidation Cascade
Venus Protocol’s Emergency Response
In official statements on X, Venus Protocol responded with precautionary measures:
- Confirmed unusual activity in the $THE pool and initiated an active investigation, noting limited impact to $THE and $CAKE markets.
- Paused all $THE borrows and withdrawals immediately to prevent further misuse.
- Reduced the Collateral Factor (CF) to zero for seven markets (BCH, LTC, UNI, AAVE, FIL, TWT, and lisUSD) based on risk criteria, including single-user collateral concentration over 60%, low market cap, trading volume, and DEX TVL.
