Oracle manipulations are hitting harder in the crypto industry alongside other crypto hacks. Earlier, we reported that hacks are overwhelming the industry; now it appears that oracle manipulations and malfunctions, in specific, are prevailing.
Venus Protocol on Binance’s BNB Chain (BSC) recently suffered a suspected oracle manipulation exploit targeting Thena (THE) token; that’s the latest incident to watch out for.
Thena tokens manipulated as Venus Protocol faces exploit
Venus Protocol is a DeFi lending platform on the BNB Chain, famous for both crypto lending and stablecoin minting. On March 15, a bad actor manipulated the price and collateral value of the THE tokens, causing a $2.18 million debt on the Venus Protocol.
Through the THE token manipulation, the attacker drained nearly $3.7 million in various assets.
Low liquidity triggers manipulation
A cryptocurrency or project with very little liquidity is more prone to hacks and other security breaches. That’s the same fault that triggered Oracle manipulation. The attacker knew that the THE token market had very low liquidity, helping them to artificially inflate its price and use the tokens as collateral in the lending protocol.
Basically, Venus allows users to deposit tokens as collateral and borrow other digital assets against them. In this incident, the attacker manipulated the price to a specific maximum level. When the collateral value is high, the borrower can withdraw more assets than the collateral’s worth.
So, the idea the attacker used is this: they manipulated THE price to higher values → used inflated THE tokens as collateral → borrowed millions worth of different assets.
Overpriced collateral opened the attacker a way to borrow assets such as BNB, PancakeSwap, and Bitcoin.
How $2.18 million in bad debt popped up?
Venus Protocol suffered $2.18 million in bad debt due to the price manipulation, as explained above. As the oracle saw the inflated price, the protocol believed that the collateral tokens were worth more than their real market price.
This tricky process of the attacker harmed the price of the Thena token, making it drop very well, because the collateral could not cover the borrowed loans.
In other words, when liquidators tried to seize or sell the collateral, meaning the THE tokens, they noticed that the low value of the collateral could not cover the borrowed funds. This resulted in a $2.18 million bad debt.
Attacker receives Ethereum as capital for Venus Protocol exploit
Something quite notable here is that the attacker used a particular token as a capital to execute oracle manipulation. According to Lookonchain, the attacker obtained 7,400 Ethereum (ETH) from Tornado Cash. They deposited the ETH tokens into the Aave protocol as collateral and borrowed nearly $9.92 million in stablecoins.
Eventually, these borrowed funds were used to manipulate the price of the THE tokens on Venus Protocol. If you ask how, the attacker got larger trading power by holding the borrowed stablecoins. These stablecoins helped the attacker buy large amounts of the THE tokens, as the liquidity of the tokens was thin.
