ChainThink reports that on March 16, Venus Protocol released an update on the recent unusual activity in the THE pool. In addition to previously suspending borrowing and withdrawals for THE, the protocol has now reduced the collateral factors (CF) to 0 for seven markets to mitigate risks associated with markets where a single user holds an excessively high proportion of collateral. These seven markets are BCH, LTC, UNI, AAVE, FIL, TWT, and lisUSD. All other markets remain unaffected and continue to operate normally.
The attack method has been preliminarily determined as follows: Starting in June 2025, the attacker gradually accumulated THE tokens through legitimate deposit processes, eventually holding 84% of the supply cap (approximately 12.2 million THE). Yesterday, the hacker directly transferred the THE tokens into the protocol contract, instantly inflating the supply and creating a massive amount of collateral. The attacker then executed a recursive price manipulation cycle, exploiting the extremely low on-chain liquidity of THE combined with TWAP oracle delays. The cycle involved: depositing THE, borrowing other assets, using the borrowed assets to purchase more THE on-chain, and waiting for the TWAP oracle to update and artificially inflate the price.
Venus states that it is always committed to transparency and will release a full report after the investigation is complete.