Venus Protocol, a decentralized lending and borrowing platform, reported on Sunday that it detected suspicious trading activity in the liquidity pool for the Thena (THE) token, the native asset of the Thena DeFi protocol. The anomaly appeared to affect only two pools—CAKE, the native token of PancakeSwap, and THE—and prompted an immediate, precautionary pause on all borrows and withdrawals related to THE. The pause will remain in place while investigators review the activity and determine appropriate next steps.
Key takeaways
Venus Protocol paused all THE borrows and withdrawals amid an active investigation into unusual pool activity, signaling an abundance of caution during a multi‑asset incident.
Allez Labs, described as Venus Protocol’s risk manager, attributed the episode to a supply cap attack executed in two phases, combining a rapid accumulation of the THE market cap with a lending attack.
The attacker reportedly used the Theta token as collateral to borrow large quantities of CAKE, USDC, BNB, and BTC, amplifying a liquidity crunch in the affected pools.
Total losses from the attack are estimated to exceed $3.7 million, according to Wu Blockchain, with additional halts imposed on low-liquidity tokens as a precaution.
Thena’s THE price moved lower in reaction to the incident, trading around $0.2255 at the time of reporting, down roughly 17% over the prior 24 hours, per market data.
The incident underscores ongoing security and cyber-risk challenges in DeFi, even as overall hack losses in February registered a notable decline before phishing and social‑engineering threats rose again.
Tickers mentioned: $BTC, $CAKE, $USDC, $BNB, $THE, $THETA
Sentiment: Neutral
Price impact: Negative. THE’s price fell about 17% in the 24 hours leading up to the report as details of the incident emerged and risk concerns escalated.
Trading idea (Not Financial Advice): Hold. Monitor the investigation’s findings, the status of THE pool, and any subsequent risk‑management measures announced by Venus Protocol or its partners.
Market context: The attack arrives as the sector grapples with sophisticated on‑chain exploits and the broader DeFi liquidity environment. February’s data from PeckShield showed total crypto losses from hacks at $49 million—the lowest in nearly a year—yet security incidents continue to shift toward social engineering and phishing, indicating that user education remains critical amid growing ecosystem complexity.
Why it matters
The Venus Protocol incident highlights the fragility that can accompany high‑leverage DeFi ecosystems where attackers exploit complex interactions across multiple pools. By leveraging THE as collateral to borrow CAKE, USDC, BNB, and BTC, the attacker sought to lock in a sizable position while exploiting liquidity imbalances in the THE pool. The decision to pause all THE borrows and withdrawals signals that the governance and risk team is prioritizing containment, forgoing near‑term liquidity for long‑term safety.
From a risk‑management perspective, the episode exposes the limits of automated checks when faced with layered attack vectors, including supply cap strategies and cross‑pool collateralization. Allez Labs’ assessment that the attack unfolded in two phases—first accumulating a dominant chunk of THE’s supply, then leveraging it to drain liquidity via lending—underscores how attackers may align price manipulation, liquidity capture, and debt creation in a coordinated sequence. The disclosure also reinforces the value of explicit risk monitoring partners in DeFi ecosystems, where independent assessments can accelerate detection and response.
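The two-phase sequence described above can be watched for as a pair of correlated signals. The following is an added monitoring sketch, not code from Venus Protocol or Allez Labs; the event schema, account addresses, amounts and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Assumed thresholds (not from the article); tune per market.
SHARE_LIMIT = 0.50       # one account supplying more than half of a market
MIN_BORROW_MARKETS = 2   # that account then borrowing from this many markets

# Constructed sample events: (block, account, action, market, amount)
EVENTS = [
    (100, "0xaaa", "supply", "THE", 3_000),
    (101, "0xbbb", "supply", "THE", 2_500),
    (102, "0xccc", "supply", "THE", 4_000),
    (103, "0xccc", "supply", "THE", 6_000),   # phase 1: dominant share reached
    (104, "0xbbb", "borrow", "USDC", 200),    # ordinary borrower, ignored
    (105, "0xccc", "borrow", "CAKE", 5_000),  # phase 2 begins
    (106, "0xccc", "borrow", "USDC", 3_000),
    (107, "0xccc", "borrow", "BNB", 40),
]

def detect(events, share_limit=SHARE_LIMIT, min_borrow_markets=MIN_BORROW_MARKETS):
    """Return alerts for supply concentration followed by multi-market borrowing."""
    supplied = defaultdict(lambda: defaultdict(float))  # market -> account -> amount
    concentrated = {}              # account -> market it dominates
    borrowed = defaultdict(set)    # account -> markets borrowed from
    paused = set()                 # markets already recommended for pause
    alerts = []
    for block, account, action, market, amount in events:
        if action == "supply":
            supplied[market][account] += amount
            total = sum(supplied[market].values())
            share = supplied[market][account] / total
            # Ignore a market with a single supplier (share is trivially 1.0).
            if (share > share_limit and len(supplied[market]) > 1
                    and account not in concentrated):
                concentrated[account] = market
                alerts.append((block, "CONCENTRATION", account, market, round(share, 3)))
        elif action == "borrow" and account in concentrated:
            borrowed[account].add(market)
            collateral = concentrated[account]
            if len(borrowed[account]) >= min_borrow_markets and collateral not in paused:
                paused.add(collateral)
                alerts.append((block, "PAUSE_RECOMMENDED", account, collateral,
                               sorted(borrowed[account])))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Neither signal alone is conclusive: a large supplier or a multi-asset borrower is normal on a lending market, so the detector escalates only when the same account triggers both in sequence.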
For users and lenders, the event serves as a reminder of the importance of cautious borrowing, diversified collateral, and awareness of pool liquidity conditions across platforms. While DeFi continues to deliver permissionless access to capital, incidents like these demonstrate that security controls—such as circuit breakers and pause protections—remain essential tools in mitigating cascading losses during abnormal markets. The rapid public disclosure by Venus Protocol and the involvement of a risk manager in framing the incident illustrate a broader industry push toward transparency in the wake of major exploits.
The February security landscape—with a pivot toward phishing and social‑engineering schemes despite a fall in hack losses—also reflects the ongoing tension between on‑chain mechanics and off‑chain social risk. Industry observers note that as DeFi grows, attackers increasingly target user interfaces, private keys, and approval workflows, making user education a critical component of systemic resilience. The current case reinforces the need for robust auditing, real‑time monitoring, and cross‑protocol collaboration to reduce the blast radius of such attacks.
The full narrative around the THE pool incident and its implications for DeFi risk management is still developing, but the immediate actions taken by Venus Protocol illustrate a measured approach to crisis containment, prioritizing asset preservation and orderly disclosure over rapid liquidity restoration.
What to watch next
Updates from Venus Protocol on the investigation’s progress and the duration of the THE pool pause.
Announcements from Allez Labs detailing the root cause analysis and any proposed mitigations or governance proposals.
Whether any portion of the stolen assets is recovered, or if liquidations and collateral redemptions proceed as investigators gather more data.
Any changes to liquidity provisions for THE, CAKE, and related assets across Venus and connected DeFi ecosystems, including potential audits or security enhancements.
Regulatory or platform‑level responses that might affect cross‑pool collateralization or risk‑rating frameworks in DeFi lending markets.
Sources & verification
Venus Protocol official status on X detailing the pause and ongoing investigation: https://x.com/VenusProtocol/status/2033206484935344251
Allez Labs’ remarks identifying the two‑phase supply cap and lending attack: https://x.com/AllezLabs/status/2033239532355858536
Wu Blockchain reporting on total losses tied to the incident: https://x.com/WuBlockchain/status/2033173968346120495
THE price reference on CoinMarketCap: https://coinmarketcap.com/currencies/thena/
Nominis monthly report on February crypto hacks and attacks: https://www.nominis.io/insights/nominis-monthly-report-crypto-hacks-and-attacks-in-february-2026
Market reaction and key details
The Venus Protocol incident began with a signal of irregular activity centered on the Thena (THE) pool, prompting an immediate, protocol‑level pause on THE borrows and withdrawals. The move, described as precautionary, aims to prevent a further spillover while investigators parse the sequence of events that allowed the attacker to capitalize on THE liquidity. The pause is explicit in Venus’ communications and remains in place until a full assessment is complete.
The attacker’s approach, as outlined by Allez Labs, involved a supply cap attack designed to accumulate a dominant share of THE’s on‑chain supply in two stages. In parallel, a lending attack was executed, leveraging Theta (CRYPTO: THETA) as collateral. This allowed the attacker to borrow a substantial amount of CAKE (CRYPTO: CAKE), USDC (CRYPTO: USDC), BNB (CRYPTO: BNB), and BTC (CRYPTO: BTC). The combination of market capture and debt creation appears to have stretched the liquidity of the affected pools and increased risk exposure across Venus’ lending market.
Public disclosures show that 6.67 million CAKE, 1.58 million USDC, 2,801 BNB, and 20 BTC were among the assets borrowed using Theta as collateral. Out of an abundance of caution, Venus also halted withdrawals and borrowing for other tokens with relatively low liquidity on the platform, a decision that underscores the potential for cross‑asset contagion in a congestion event. The total value implicated in the attack has since been cited as over $3.7 million, amplifying concerns about the pace at which DeFi platforms can respond to sophisticated exploits.
At the time of reporting, THE traded around $0.2255, reflecting a material drop as traders digested the security event and its implications for the DeFi stack. The price move aligns with typical market responses to exploit disclosures, where risk premia rise and liquidity pools tighten in the wake of uncertain asset backing. The broader price action for THE remains contingent on the recovery of funds, ongoing risk disclosures, and the ability of Venus to restore user confidence through transparent remediation efforts.
Investigators contacted by the press noted that Theta’s role as collateral injected a cross‑protocol dynamic into the attack scenario. Theta is a major participant in its own ecosystem, and the incident highlights how collateral quality and pool design interact in complex ways when attackers execute multi‑step strategies. The breakdown of normal pool behavior, in conjunction with a targeted accumulation of THE, illustrates the evolving risk landscape for liquid markets where yield farming, flash loans, and cross‑collateralization intersect with governance and liquidity provisioning.
From a governance and ecosystem perspective, the incident reinforces the importance of real‑time risk frameworks and independent risk management capabilities within DeFi protocols. The collaboration between Venus Protocol, Allez Labs, and other security researchers is a positive sign that platforms are moving toward more robust, auditable controls to detect and defuse such attacks before they precipitate broader losses. It also emphasizes the need for user education around approval flow vigilance and the dangers of reusing keys or compromising wallets during high‑volatility periods.
As the investigation unfolds, market participants will be watching how Venus communicates remediation plans, what protections are introduced to prevent similar exploits, and how liquidity recovery strategies are executed to minimize downtime for affected pools. The incident also contributes to the ongoing dialogue about the resilience of cross‑chain DeFi, the role of risk managers in rapidly identifying and tokenizing threats, and the importance of rapid, transparent disclosures in maintaining user trust during periods of stress.
In sum, the Venus Protocol event illustrates both the ingenuity of attackers and the adaptive measures that DeFi platforms are employing to safeguard users. While the exact financial impact is still being quantified, the incident underscores the need for continuous improvement in risk assessment, rapid incident response, and robust governance processes in decentralized finance ecosystems.
This article was originally published as Venus Protocol Hit by $3.7M Supply-Cap Attack on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.