Thena downtrend continues despite exploit denial, APR increase

A few days after the supply cap manipulation attack where an attacker borrowed more than $14.9 million from the DeFi platform Venus Protocol, the value of $THE, the native token of another DeFi platform, Thena, was used in the attack, continues to decline.

Thena has insisted its own smart contracts were never affected, but this hasn’t been enough to change market sentiment as THE has fallen more than 44% since March 15.

The token has risen from $0.27 after the incident to $0.15 at the time of writing. Trading volume has also shrunk by more than 51%.

Meanwhile, XVS, Venus Protocol’s governance token, which has been pointed to as the source of the entire debacle, tells a different story as it is up over 12% in the same seven-day period while trading at over $3.35.

Analysts believe it appears that the markets have largely blamed the architecture of one specific Venus lending market rather than the integrity of either protocol, and in this case it is Thena who is bearing the brunt.

The Protocol is now taking steps to reverse its fortunes, including rewarding remaining holders with significantly higher annual returns (APRs).

Can be a ‘big $APR increase’ restore confidence in Thena?

As part of the next steps, Thena stated on March 17 that THE Single Sided Vaults will see a major increase in $APRdriven by fees generated during the incident. It added that this will be updated weekly on Tuesdays.

In a separate post on the same day, Thena confirmed that it had refreshed the single-sided vault APRs to reflect fees accrued over the past seven days.

It also mentioned that the vaults, operated in partnership with the ICHI Foundation, allow users to enter with a single asset while dynamically managing exposure, typically retaining between 65 and 95% of the deposited token depending on prevailing conditions.

Voters in the current era of governance are also expected to receive outsized returns due to the increase in volume.

So far, Thena’s token has not responded to these incentives and market observers will continue to closely monitor developments.

Attacker leaves bad debt after borrowing $14.9 million

According to the post-mortem published by Venus Protocol, the attacker who started this drama started worked on the exploit about nine months ago, and it’s been piling up $DE distributed across multiple wallets and ultimately owning approximately 84% of the 14.5 million token supply on Venus Protocol’s DE lending market.

That accumulation phase was funded by 7,447 $ETHworth approximately $16.29 million, according to the report. This amount was withdrawn from Tornado Cash in 77 separate transactions, deposited as collateral on Aave, and then approximately $9.92 million in stablecoins (USDT, DAI, $USDC), which the attacker used to gradually purchase THE without triggering an alarm.

The attack itself was carried out on March 15 at 11:55 UTC, bypassing supply limit controls.

This increased the contract’s internal exchange rate by 3.81 times, turning a collateral position of $3.3 million into a recognized borrowing capacity of more than $12 million.

The attacker went on to rake in $14.9 million in assets, all consisting of 6.67 million $CAKE tokens, 2,801 BNB, 1,972 WBNB, $1.58 million $USDCand 20 BTCB.

The attacker stated that there was a cycle of borrowing, exchange, and donations that pushed THE’s price from $0.26 to $0.51 on-chain, boosting the total of tokens supplied 3.67 times the supply limit to 53.2 million.

When it ended, Venus had about $2.15 million in bad debt, mostly expressed in $CAKE and DE.

The post-mortem noted that the exploited vulnerability was first noticed in 2023, with the Venus development team assessing it to have no side effects and deploying no workaround to resolve the issue.

The Venus Protocol team now acknowledges that more could have been done to prevent the exploit.