Venus Protocol, a decentralized finance (DEFi) solution, has been a victim of a flash-loan attack on THE low-liquidity token.
The hack has led to the theft of some 3.7 million worth of assets, comprising of both Bitcoin (BTC), PancakeSwap (CAKE), and BNB, and has caused the price of THE to plummet by over 17% in 24 hours.
Flash Loan Exploit Details
The hack occurred as an ill-intentioned actor used THENA tokens to secure loans on Venus Protocol, using them as security.
The on-chain evidence indicates that the fraudster exchanged the stolen funds to take 20 BTC, 1.5 million CAKE, and 200 BNB, which are estimated to be worth $3.7 million.
The address in question, 0x1a35…6231, was the manipulation of the market, which sold a significant concentration of THE tokens.
The internal analysis of Venus Protocol indicates that the attack might have been larger than first told.
The investigator discovered that a huge sum of collateral had been sold by an address that was financed by 7,400 ETH using Tornado Cash.
The protocol was left with bad debt in the tune of $2.15 million as a result of the manipulation.
Market Reaction and THE Price Fall
The post-exploit price has greatly changed the price of THENA (THE) that has been down by over 17% in less than 24 hours.
Although the price fell, Venus Protocol has been trying to control the consequence of the exploit, such as ceasing the borrowing and withdrawals of the affected markets to prevent further abuse.
Venus Protocol affirmed the strange activity and said that the biggest lending platform on BNB Chain had detected suspicious transactions of the THE liquidity pool. It has affected only the THE and CAKE markets and not other markets.
To ensure the security of the platform, the team took immediate action by stopping borrowing and withdrawals, and the investigation is underway.
Besides the drastic drop in price, the 24-hour trading volume of THE shot by more than 5500% to $291 million, indicating that more people were trading the token during the crisis.
THE is up by 12% on a year-to-year basis, although it has declined by 15 percent in the past 30 days.
Risk Mitigation Measures of Venus Protocol
Venus Protocol has implemented stricter risk measures in reaction to the attack in order to avoid further exploits in the future. The protocol has set the Collateral Factor (CF) of six other markets to zero.
This will be in markets where one user provides a disproportionate share of collateral, which will help reduce the risk of concentrated liquidity.
Higher risk thresholds have also been used by Venus Protocol in weakly liquid and highly concentrated markets with a single user.
As an example, the Collateral Factor of markets like BCH, LTC, UNI, AAVE, FIL, TWT, and lisUSD are being set to zero in precautionary measures.
The move is based on a history of security breaches that have afflicted Venus Protocol in the past, such as an XVS token manipulation attack in 2021 that has caused the company to accumulate a bad debt worth $95 million.
Venus Protocol has been experiencing security challenges even though precautionary measures have been taken.
The flash-loan assault on the THENA token has been a serious financial catastrophe; however, the protocol is in the process of salvaging the scenario and securing its platform.
As the risks of low-liquidity tokens increase, the current attempts by Venus Protocol to further restrict risk management will serve as a key in eliminating future exploits.
