Venus Exploit Post-Mortem: How to Profit in a Flash Loan Window?

By: blockbeats|2026/03/16 10:00:05
0
Share
copy
Original Article Title: "Retrospect of How I Profited from the Venus THE Attack"
Original Article Author: Weilin (William) Li, Crypto Trader
Editor's Note: Last night, the BNB Chain's leading lending protocol, Venus Protocol, was attacked, with abnormal activity in THE liquidity pool. THE experienced a short-lived spike of 116% to $0.6, followed by a rapid drop of over 60%. The Venus Protocol team responded, stating: "We are actively investigating the abnormal activity in THE liquidity pool, and to prevent further abuse, we have taken precautionary measures: immediately suspending all borrowing and withdrawal operations for THE. Other markets remain unaffected and will continue to operate as normal."

Amidst THE's sharp price swings, many traders seized the brief opportunity window to profit. This article, from crypto trader Weilin (William) Li, recounts the Venus Protocol attack and the profits made. The original content is as follows:

Two hours ago, VenuV's THE suffered a very typical Mango Markets-style price manipulation attack.

The attacker targeted the low liquidity collateral asset THE:

· Initially collateralize THE

· Borrow other assets

· Further buy THE with borrowed assets

· Continuously push THE price up

· Upon average oracle update, obtain higher collateral value, then continue the borrowing loop.

Venus Exploit Post-Mortem: How to Profit in a Flash Loan Window?

From my paper: Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems (https://dl.acm.org/doi/10.1145/3605768.3623545)

Due to THE on-chain illiquidity, the price was brutally dragged from $0.27 to nearly $5. The oracle price was then updated to 0.5 (time-weighted average), allowing the attacker to further leverage up.

More crucially, THE itself has a supply cap.


Normally, this would restrict the attacker from further expanding their position. But they used a classic trick to bypass this: the Compound fork's donation attack. After depositing a large amount of THE, directly transferring THE to the vTHE contract, they continued raising the recognized collateral value through a "donation" to further surpass the cap.

Attack Transaction: 0x4f477e941c12bbf32a58dc12db7bb0cb4d31d41ff25b2457e6af3c15d7f5663f

Attack Transaction: 0x4f477e941c12bbf32a58dc12db7bb0cb4d31d41ff25b2457e6af3c15d7f5663f. Expanding collateral through donation

After the first wave of attacks, THE price roughly stabilized around $0.5.

By this point, the attacker could have already walked away with the borrowed assets. However, they evidently wanted to maximize profits and continued to pour the borrowed assets into buying THE, attempting another round of surge.

But here's the issue: While the price was exceptionally high, the market selling pressure also became extremely exaggerated. The attacker kept buying but could hardly move the price further. Eventually, he nearly depleted his own collateral capacity, with a health factor close to 1, on the brink of liquidation.

THE Price Movement

At this point, the situation became very clear: The collateral in the attacker's possession, including their pre-allocated assets and the THE purchased during the attack, had a nominal value of approximately 30M. However, the core issue with this collateral was — there was simply not enough liquidity to absorb it. Once the liquidation began, this THE could only be aggressively dumped on the market. Yet in the market, no one would be willing to buy such a large amount at that inflated price.

So what did I do?

At the start of the liquidation, I directly opened a short position on THE. And this position could actually have a relatively higher leverage.

The reason is very simple: overvaluation, low liquidity, massive passive selling pressure, no buyers.

The result was not surprising either: after the liquidation, THE price plummeted to around $0.24, even lower than the price before the attack, as the original holder also sold during the process.

Here, I closed the short position, making a profit of about 15K.

My Short Position

In the end, Venus was left with around 2M bad debt.

As for how much the attacker actually made, I have not completed a full calculation yet; but from the operations of some of the addresses, he most likely barely made any money, and may have even wrecked himself. However, the attacker may still have off-exchange perpetual positions to make money (just like our operation).

Venus's around 2M bad debt address: https://debank.com/profile/0x1a35bd28efd46cfc46c2136f878777d69ae16231

Venus's ~2M Bad Debt:
https://debank.com/profile/0x1a35bd28efd46cfc46c2136f878777d69ae16231

This incident once again illustrates:


In DeFi, “Nominal Collateral Value” does not equal “Liquidation Value.” When the collateral itself lacks liquidity, the system may see 30M, but what the market can truly realize may be close to zero.

I published a paper in my 23rd year, titled Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems, where I provided a detailed mathematical model of this attack. Interested readers can refer to: https://dl.acm.org/doi/10.1145/3605768.3623545

Original Link

You may also like

Should You Buy Bitcoin Now? What the Data Says After a 50% Pullback

Should you buy Bitcoin now? Explore Bitcoin's nearly 50% pullback, ETF outflows, on-chain data, Strategy's BTC sale, and historical trends to assess whether July 2026 is a buying opportunity.

Founder of Baixing.com: I believe half of the statement that large language models devour everything

The internet has been shouting for so many years about devouring everything. Has it really devoured everything now? Is it the internet that devours everything, or is it the large models that devour everything? Both are devouring, and nothing is left?

A "legal" robbery? Attackers emptied the BonkDAO treasury by buying tickets

Handing over the keys to the vault to a public vote where "anyone can spend money to participate," without sufficient oversight mechanisms, even the most legitimate governance ideals may turn into the most convenient tools for attackers.

How has Binance's stock business performed in the 30 days since its launch?

Emerging market buying supported the first wave of demand.

WEEX P2P now supports BDT & LKR—Merchant Recruitment Now Open

To make crypto deposits easier, WEEX has officially launched its P2P trading platform and continues to expand fiat support. We're excited to announce that the Bangladeshi Taka (BDT) and Sri Lankan Rupee (LKR) are now available on WEEX P2P!

Morning News | SK Hynix officially launches the marketing promotion process for its U.S. stock listing; the Central Cyberspace Administration announces the results of the first phase of rectifying AI application chaos, with over 14,000 non-compliant pr...

July 6 Market Important Events Overview

Popular coins

Latest Crypto News

Read more
iconiconiconiconiconiconicon
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com