Retrospective Analysis of Venus THE Attack: How to Profit in a Fleeting Window?

Title: How I Profited from the Venus THE Attack

Author: Weilin (William) Li

Source:

Repost: Mars Finance

Two hours ago, VenuV’s THE was subjected to a very typical Mango Markets-style price manipulation attack.

The attacker targeted the low-liquidity collateral THE:

· First, collateralize THE

· Borrow other assets

· Use the borrowed assets to buy more THE

· Push the THE price higher

· After the time-weighted average oracle updates, gain higher collateral value, then repeat the borrowing cycle

Due to THE’s extremely poor on-chain liquidity, the price was forcibly driven from $0.27 up to nearly $5. The oracle price then updated to 0.5 (time-weighted average), giving the attacker further leverage amplification.

More importantly, THE itself has a supply cap.

Under normal circumstances, this would limit the attacker from expanding their position further. But they used a classic veteran’s trick: the Compound fork donation attack. That is, after depositing a large amount of THE, they directly transferred THE to the vTHE contract, “donating” to artificially inflate the system-recognized collateral value, further breaking through the cap.

Attack transaction: 0x4f477e941c12bbf32a58dc12db7bb0cb4d31d41ff25b2457e6af3c15d7f5663f

After the first wave of attack, THE’s price stabilized around $0.5.

At this point, the attacker could have walked away with the borrowed assets. But they clearly wanted to maximize profits, so they continued to pour the borrowed assets into buying THE, attempting to push the price even higher.

The problem arose: although the price was abnormally high, market sell pressure also became extremely intense. The attacker kept buying but could no longer move the price much. Eventually, they nearly exhausted their collateral capacity, with their position health factor approaching 1, close to liquidation.

By then, the situation was very clear: the collateral held by the attacker, including their pre-prepared assets and the THE bought during the attack, had a nominal value of about $30 million. But the core issue was—these collateral assets simply lacked sufficient liquidity to support a liquidation. Once liquidation started, these THE would be dumped onto the market en masse. And on the market, no one would buy such a large amount at these inflated prices.

So what did I do?

At the start of the liquidation, I opened a short position on THE. And this position could actually have been leveraged even higher.

The reason is simple: overvalued, low liquidity, massive passive sell pressure, no buyers.

The result was no surprise: after liquidation, THE’s price fell back to around $0.24, even below the pre-attack price, because the original holders also sold during the process.

I closed my short here, making about $15K profit.

In the end, Venus was left with approximately $2 million in bad debt.

As for how much the attacker actually made, I haven’t fully calculated; but from the operations of some of their addresses, it’s likely they barely profited or even lost money, possibly even wrecked their own position. Still, the attacker might have off-platform perp positions to profit from (just like our operations).

Venus’s bad debt address:

This incident again demonstrates:

In DeFi, “nominal collateral value” does not equal “liquidation value.” When the collateral itself lacks liquidity, the system sees a value of $30M, but the market’s actual realizable value might be barely a fraction of that.

Back in 2023, I published a paper titled Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems, which provides a detailed mathematical model of this type of attack. Interested readers can refer to it: