DCN and CyberStrategy Institute have brought you yet another episode of weekly cyber security review news.

So much has happened and the industry keeps evolving. Read on to know what has happened and to stay cautious going forward.

Venus Protocol ERC-4626 Donation Attack Exposes DeFi’s Ongoing Oracle Vulnerability

Venus Protocol suffered a $902K loss due to a sophisticated oracle manipulation exploit rooted in a known vulnerability with ERC-4626 vaults. The attacker executed a “donation attack” by inflating the exchange rate in the wUSDM vault on zkSync, leveraging low liquidity to manipulate the price without minting corresponding shares. This attack, which led to a profit of 86.72 ETH, exploited valuation mechanics that were already well-documented by protocols like Euler Finance and OpenZeppelin. Despite prior warnings and published mitigation strategies, many DeFi projects continue to integrate ERC-4626 without safeguards.