It seems that the market event involving Venus Protocol is actually more complicated than I initially thought.

According to the official explanation, this was not a flash loan attack, but rather an exploitation of a supply cap vulnerability hidden in the protocol's legacy code. The attacker spent about nine months steadily accumulating THE tokens and built a dominant position on Venus.

Their approach was quite clever: by directly sending THE to the protocol contract, they bypassed the normal deposit process and exceeded the supply cap of 14.5 million tokens. Then, taking advantage of the low on-chain liquidity, they manipulated the DEX price. They targeted the timing when the TWAP oracle reflected price changes gradually, using the inflated collateral value to repeatedly borrow CAKE and BNB, and then buy more THE to push the price up, creating a cycle.

As a result, the price rose from $0.27 to $0.53, but ultimately the position was liquidated, leaving bad debt within the protocol.

In response, Venus Protocol temporarily paused the THE market, reduced the collateral factor to zero, and also halted withdrawals. Additionally, as a preventive measure, they lowered the collateral factors to zero for eight markets: BCH, LTC, AAVE, POL, FIL, TWT, UNI, and lisUSD.

The team and security partners are continuing their investigation, and a full post-mortem report is scheduled to be released later. As users, we should keep a close eye on how Venus Protocol responds.