Security Incidents

Key Takeaways: An alleged exploit on Venus Protocol enabled a wallet to borrow about $3.7 million in crypto assets on the illiquid $THE token as security. The speech had taken out BTCB, CAKE and WBNB and was put into liquidation as collateral value declined. It is estimated that there is

An Israeli Times reporter faced harassment and death threats for accurately covering Iran's missile attack, with threateners attempting to coerce report modifications due to failed bets. The reporter has filed a complaint, stating commitment to professional ethics while expressing concern that others could be tempted.

U.S., U.K., and Canadian law enforcement agencies jointly launched "Operation Atlantic" to combat "approval phishing" scams targeting cryptocurrency users. Cryptocurrency fraud is expected to generate nearly $17 billion in illicit proceeds in 2025. The operation aims to identify victims, alert potential victims, and trace stolen assets.

Gate News, March 16: AI infrastructure project GAIB announced that its front-end webpage is currently facing security issues, warning users not to interact with the site until further notice. GAIB emphasized that user funds and smart contracts remain secure and unaffected. The team stated that they are actively working to resolve the problem and will provide further updates once the website is fully restored.

Venus Protocol is investigating suspicious activity indicating a potential Flash Loan attack on the $THE and $CAKE pools. This has led to the suspension of borrows and withdrawals of $THE, as the platform assesses the risk and community concerns surrounding possible market manipulation.

The Seoul Central District Court in South Korea rejected a motion for a preliminary injunction filed by the Flow Foundation and Dapper Labs against three exchanges, supporting their termination of FLOW trading. The court determined that there was insufficient evidence and prioritized investor protection. FLOW remains tradable on Korbit, but has been delisted from the other three exchanges.

The U.S. FBI is investigating 8 PC games on the Steam platform that are suspected of containing malware, primarily targeting users who downloaded them between 2024 and 2026. Victims can submit information through the FBI to receive compensation. This incident demonstrates that Steam's massive user base makes it a target for malicious attacks, and cryptocurrency assets are becoming a primary target of such attacks.

U.S. trading influencer ImanTrading recently accused fellow trading influencer TJR (Tyler Riches) in a video of profiting from courses and signal groups rather than actual trading. The video revealed that TJR previously borrowed money from friends to trade and incurred losses, and pointed out that his trading performance shows signs of falsification. Additionally, TJR's paid courses have been questioned for having more participants than claimed, with the actual teaching quality difficult to verify. The incident has sparked discussions about the boundary between influencers and legitimate traders.

Decentralized lending protocol Venus Protocol was attacked for approximately $3.7 million on March 15, 2026, resulting in $2.18 million in bad debt. The attacker conducted a sophisticated attack by manipulating the price of low-liquidity token $THE, combining on-chain lending with off-chain derivatives, exposing systemic risks. The incident prompted the industry to re-examine collateral eligibility standards and risk parameter design.

BNB Chain's lending protocol Venus Protocol fell victim to a hacker attack on March 16 that had been planned for 9 months, ultimately resulting in the extraction of approximately $5.07 million in assets and causing $2.15 million in bad debt. The attacker manipulated the price of THE token to trigger liquidations, and Venus responded by reducing collateral factors across multiple markets, highlighting the risks DeFi protocols face with low-liquidity tokens.

The China Digital Renminbi Operation and Management Center has announced three types of scams: pyramid schemes disguised as promotional activities, scams that lure transfers through rebate schemes for fake orders, and schemes that trick users into downloading counterfeit apps to steal information and funds.

White hat hacker f4lc0n discovered a serious vulnerability in the Injective protocol that could have led to the theft of $500 million in assets. Although the fix was rewarded with only a $50,000 bounty, which is below the maximum standard of $500,000, f4lc0n disputes this and plans to continue exposing the issue.

Decentralized lending platform Venus Protocol recently suffered a supply cap manipulation attack targeting the Thena token, resulting in losses exceeding $3.7 million. The attacker accumulated tokens over 9 months through gradual methods, ultimately bypassing the supply cap and manipulating the price to cause massive asset borrowing. The platform has suspended related lending and withdrawal functions to mitigate risks, exposing systemic vulnerabilities in DeFi protocols regarding long-term monitoring and low-liquidity tokens.

On March 16th, Aave and CoW Swap each released reports regarding the "high slippage trading loss of $50 million" incident. Aave attributed the problem to insufficient market liquidity, while CoW Swap pointed out outdated gas limits and transactions not being submitted on-chain. The two parties held opposing views, and neither mentioned the approximately $44 million MEV bot-related situation.

Venus Protocol on March 15th disclosed follow-up developments regarding abnormal activity in the THE liquidity pool, suspending borrowing and withdrawals of THE, and reducing collateral factors to 0 across 7 markets to prevent risks for certain users. Preliminary investigation shows that the attacker accumulated 84% of THE tokens through normal deposit methods and manipulated prices by exploiting on-chain liquidity constraints and oracle delays. The platform will maintain transparency and publish a comprehensive report upon completion of the investigation.

_Ledger Donjon exposed a MediaTek vulnerability that extracts Android wallet seed phrases in under 45 seconds, affecting millions of devices. CVE-2025-20435._ Ledger Donjon has uncovered a serious MediaTek vulnerability. It lets attackers pull wallet seed phrases from Android phones in seconds.

On March 15th, a suspected hacker address received 7,400 ETH from Tornado Cash, orchestrating liquidation events for CAKE and THE collateral that resulted in approximately $2.15 million in losses for Venus. The address manipulated THE price through complex operations, ultimately leading to the liquidation of its collateral on Venus, though substantial borrowed funds remain unpaid. Analysis suggests this event may have been a strategy employed to profit on a certain CEX.

Gate News reports that on March 15, Venus Protocol issued a security announcement stating that during the investigation of abnormal activity in the THE liquidity pool, preventive measures were taken to prevent further misuse, and all borrowing and withdrawal operations of THE tokens were immediately suspended. This measure will remain in effect until the investigation is concluded. Venus Protocol stated that other markets were unaffected and will continue to operate normally.

BNB Chain lending protocol Venus Protocol appears to have suffered a flash loan attack, resulting in massive liquidation of the token THE. The attacker has obtained approximately $3.6 million in assets, with liquidations ongoing. Currently, approximately 42 million THE tokens are awaiting liquidation.