Venus Protocol attacker transferred 2,301 ETH and moved it into Tornado Cash for laundering

According to on-chain analyst Ai Auntie’s monitoring on April 22, the Venus Protocol attacker transferred 2,301 ETH (about $5.32 million) to address 0xa21…23A7f 11 hours ago, then moved the funds in batches into the crypto mixer Tornado Cash for laundering; as of the time of monitoring, the attacker still holds about $17.45 million worth of ETH on-chain.

On-Chain Monitoring Details for April 22

(Source: Arkham)

Based on Ai Auntie’s on-chain monitoring data, this transfer involves 2,301 ETH (about $5.32 million). The target address is 0xa21…23A7f, and the funds subsequently flowed in batches into Tornado Cash. As of the time of the report, the attacker still has about $17.45 million worth of ETH on-chain that has not been moved.

Attack Recap: March 16, 2026 — THE Token Manipulation Mechanism

According to public reports and an analysis by on-chain researcher Li Weilín, on March 16, 2026, Venus Protocol (the largest lending platform on BNB Chain) was attacked. The attacker used THENA’s low-liquidity THE token to steal about $3.7 million in digital assets. Security researchers confirmed the attacker address as 0x1a35…6231, which had already received 7,400 ETH from Tornado Cash before the attack was launched.

Li Weilín’s analysis shows that the attacker drove THE’s price from about $0.27 up to about $5 by purchasing large amounts of THE tokens, then borrowed about 20 BTCB, 1.5 million CAKE, and 200 BNB using the inflated collateral, and completed the fund extraction before the liquidation caused THE’s price to drop to $0.24. The way the attacker bypassed Venus’s supply cap was to directly transfer THE tokens to the vTHE contract rather than through the standard minting process—an established vulnerability in the Compound fork lending platform.

After the incident, THENA confirmed that its smart contracts were not compromised. Venus Protocol confirmed that “abnormal activity” occurred in the THE and CAKE markets, and reduced the collateral factors of six markets—BCH, LTC, UNI, AAVE, FIL, and TWT—to zero.

Frequently Asked Questions

What is the latest on-chain activity by the Venus attacker that Ai Auntie has detected?

According to on-chain analyst Ai Auntie’s monitoring on April 22, 2026, the Venus Protocol attacker transferred 2,301 ETH (about $5.32 million) to address 0xa21…23A7f 11 hours ago, and then moved the funds into Tornado Cash in batches; as of the time of monitoring, the attacker still has about $17.45 million worth of ETH on-chain.

How much funding was involved in the March 16 attack on Venus Protocol, and how did the attacker prepare?

According to public reports, the March 16, 2026 attack resulted in about $3.7 million in digital assets being stolen. Before launching the attack, the attacker had already received 7,400 ETH from Tornado Cash as initial funding.

What measures did Venus Protocol take after the March 16 attack?

According to Venus Protocol’s public statement, after Venus confirmed abnormal activity in the THE and CAKE markets, it reduced the collateral factors of six markets—BCH, LTC, UNI, AAVE, FIL, and TWT—to zero, freezing standard coverage metrics such as market cap, trading volume, DEX TVL, and single-user collateral concentration.