Why is it always stolen? On the systemic flaws in Venus contract design

2025/09/03 13:00

Let’s further consider the logical possibilities behind the attack on Venus Protocol:

1) Security experts say that some big investors were phished. Conventional wisdom suggests the attacker could then simply withdraw the funds directly with the private key. So why was a flash loan involved?

Most likely, the hacker used social engineering to obtain updateDelegate authorization, which gave access to a large investor's account but no immediate liquidity to withdraw. In layman's terms, the hacker held the authority, but the large investor had only collateral, not the borrowed funds. The hacker therefore had to find a way to get at the large investor's collateral.

2) Does this mean the phishing of an individual major investor has nothing to do with the Venus contract? As mentioned earlier, if the hacker found that the major investor's account had no liquidity, the effort would normally be in vain. So why was it possible to withdraw the collateral through a simple flash loan attack? The answer lies in the Venus contract mechanism. The hacker may have used flash loans and a series of vToken cross-platform exchange rate differences to help the major investor repay the collateral and even withdraw some extra.

Simply put, the big investors' collateral was indeed stolen, but it will very likely become bad debt on the Venus contract platform, unless the big investors are stupid enough to pay the platform back.

3) Other users' funds are temporarily safe, but the Venus platform faces significant liability concerns. While the attack was triggered by a large investor being phished through social engineering, the platform ultimately profited. The $30 million stolen is likely to become bad debt for the Venus platform, and coupled with the temporary panic and bank run, the impact could be devastating for Venus.

But the greater impact is that this incident has revived grim memories of how habitually Venus has been attacked. The XVS price manipulation incident and its use as a tool for money laundering via BNB's cross-chain bridge are all examples of damage caused by fundamental flaws in Venus's security engineering. For the largest lending protocol on BSC, this is unacceptable.

Note: The above is reasonable speculation based on the currently disclosed information. The details are subject to what is actually disclosed.
