On March 15, 2026, Venus Protocol lost millions to a donation attack. The attacker manipulated the exchange rate on the vTHE contract by transferring tokens directly to it — inflating collateral values roughly 3x without minting anything. Then they borrowed against the inflated position and drained liquid assets.
The root cause is embarrassingly simple: Venus's supply cap only gated the mint() path. Direct ERC-20 transfers to the contract were completely unchecked.
How it worked
Venus is a BNB Chain lending protocol where the exchange rate between vTokens and their underlying tokens determines borrowing power. That exchange rate uses the contract's live token balance via balanceOf(). The protocol assumed all balance increases came through mint(), where supply caps are enforced. But any standard ERC-20 transfer increases a contract's balance without triggering mint().
The attacker spent nine months building a position — depositing 12.2 million THE tokens through normal minting, about 84% of the 14.5 million supply cap. Patient setup. Then in one atomic transaction, multiple pre-funded wallets transferred THE directly to the vTHE contract. The contract's balance jumped to 53.2 million — over 3.5x the authorized limit — and the exchange rate went from ~1.03 to ~3.17.
With the inflated collateral, they borrowed 6.67 million CAKE, 1.58 million USDC, 2,801 BNB, and around 20 wBTC. They then swapped the borrowed tokens for more THE, transferred it back to the vTHE contract, and repeated. The recursive loop amplified borrowing power with each iteration.
What makes it tricky to analyze
At the event-log level, the inflated balances look legitimate. If you're relying on tracked minting data, you'll miss that the exchange rate moved without any corresponding mint. Recognizing this requires pairing on-chain balance data with contract logic review.
The nine months of patient accumulation add context that matters for proving intent. So does the attacker's use of Tornado Cash to funnel roughly 7,400 ETH before the setup phase. The on-chain timeline tells a story of deliberate preparation.
The broader risk
Every Compound-fork protocol that uses balanceOf() in its exchange rate calculation and only enforces supply caps through mint() shares this exact attack surface. If that describes your protocol, treat it as an open vulnerability.
Venus has since set collateral factors to zero on high-risk assets and proposed a multi-chain patch using an internalCash variable instead of raw balanceOf() calls. The fix is straightforward. The fact that it took a multi-million-dollar exploit to trigger it is the more uncomfortable lesson.
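As an added example (not Venus's code), the following toy Compound-style market models the exchange-rate arithmetic from "How it worked" and the internalCash fix described above: the same direct transfer triples the rate when cash is read from balanceOf() and leaves it untouched when cash is tracked internally. The amounts, the simplified cap check and the balance-vs-mint reconciliation check are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed toy model of a Compound-style vToken market (not Venus's code).
# Amounts are whole tokens; interest, reserves, redeem and borrow paths are omitted.

@dataclass
class Market:
    supply_cap: int                  # enforced only inside mint()
    use_internal_cash: bool          # False = read balanceOf(); True = the proposed fix
    token_balance: int = 0           # what balanceOf(address(this)) would report
    internal_cash: int = 0           # cash credited only by protocol paths (mint here)
    total_supply: int = 0            # vTokens outstanding

    def exchange_rate(self) -> float:
        # Compound formula with borrows and reserves at zero: cash / totalSupply.
        cash = self.internal_cash if self.use_internal_cash else self.token_balance
        return 1.0 if self.total_supply == 0 else cash / self.total_supply

    def mint(self, amount: int) -> int:
        # The supply cap is checked here and nowhere else (simplified check).
        if self.internal_cash + amount > self.supply_cap:
            raise ValueError("supply cap exceeded")
        minted = int(amount / self.exchange_rate())
        self.token_balance += amount
        self.internal_cash += amount
        self.total_supply += minted
        return minted

    def donate(self, amount: int) -> None:
        # A plain ERC-20 transfer to the contract: no mint(), no cap check,
        # no vTokens issued. Only balanceOf() sees the new tokens.
        self.token_balance += amount


def run_scenario(use_internal_cash: bool) -> dict:
    """Mint to 84% of the cap, then push in twice that amount by direct transfer."""
    m = Market(supply_cap=1_000, use_internal_cash=use_internal_cash)
    attacker_vtokens = m.mint(840)
    rate_before = m.exchange_rate()
    m.donate(1_680)                  # balance is now 2_520, above the cap, never checked
    return {
        "rate_before": rate_before,
        "rate_after": m.exchange_rate(),
        "collateral_value": attacker_vtokens * m.exchange_rate(),
        # Monitoring check: cash the protocol cannot account for. Nonzero in both
        # variants, which is what a balance-vs-mint reconciliation should alert on.
        "unexplained_cash": m.token_balance - m.internal_cash,
    }
```

Running run_scenario(False) and run_scenario(True) side by side shows the rate moving 1.0 to 3.0 only in the balanceOf() variant, while unexplained_cash flags the donation in both.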