Let’s further consider the logical possibilities of Venus Protocol being attacked: 1) Security experts say that some big investors were phished. Conventional wisdom suggests that they could just withdraw funds directly with the private key. How could there be a flash loan? Most likely, the hacker obtained updateDelegate authorization through social engineering, gaining access to the account of a large investor, but without immediate liquidity to withdraw. In layman's terms, the hacker obtained the authority, but the large investor only had collateral, not the borrowed funds. The hacker had to find a way to obtain the collateral of the large investor. 2) Is it that the individual phishing incidents involving the major investor have nothing to do with the Venus contract? As mentioned earlier, if the hacker discovered that the major investor's account had no liquidity, their efforts would normally be in vain. But why was it possible to withdraw collateral through a simple flash loan attack? The answer lies in the Venus contract mechanism. The hacker may have used flash loans and a series of vToken cross-platform exchange rate differences to help the major investor repay the collateral and even withdraw some extra. Simply put, it is true that the collateral of the big investors was stolen, but it is very likely that it will become a bad debt of the Venus contract platform, unless the big investors are stupid enough to pay back the platform. 3) While other users' funds are temporarily safe, the Venus platform faces significant liability concerns. While the attack was triggered by a large investor being phished by a social engineering scheme, the platform ultimately profited. The $30 million stolen is likely to become bad debt for the Venus platform, and coupled with the temporary panic and bank run, the impact could be devastating for Venus. But the greater impact is that this incident has brought back horrific memories of Venus's habitual attacks. The XVS price manipulation incident and its use as a tool for money laundering via BNB's cross-chain bridge are all examples of damage caused by fundamental flaws in Venus's security engineering. As the largest lending protocol on BSC, this is unacceptable. Note: The above is based on reasonable speculation based on the currently disclosed information. The details will be determined based on actual disclosed details.Let’s further consider the logical possibilities of Venus Protocol being attacked: 1) Security experts say that some big investors were phished. Conventional wisdom suggests that they could just withdraw funds directly with the private key. How could there be a flash loan? Most likely, the hacker obtained updateDelegate authorization through social engineering, gaining access to the account of a large investor, but without immediate liquidity to withdraw. In layman's terms, the hacker obtained the authority, but the large investor only had collateral, not the borrowed funds. The hacker had to find a way to obtain the collateral of the large investor. 2) Is it that the individual phishing incidents involving the major investor have nothing to do with the Venus contract? As mentioned earlier, if the hacker discovered that the major investor's account had no liquidity, their efforts would normally be in vain. But why was it possible to withdraw collateral through a simple flash loan attack? The answer lies in the Venus contract mechanism. The hacker may have used flash loans and a series of vToken cross-platform exchange rate differences to help the major investor repay the collateral and even withdraw some extra. Simply put, it is true that the collateral of the big investors was stolen, but it is very likely that it will become a bad debt of the Venus contract platform, unless the big investors are stupid enough to pay back the platform. 3) While other users' funds are temporarily safe, the Venus platform faces significant liability concerns. While the attack was triggered by a large investor being phished by a social engineering scheme, the platform ultimately profited. The $30 million stolen is likely to become bad debt for the Venus platform, and coupled with the temporary panic and bank run, the impact could be devastating for Venus. But the greater impact is that this incident has brought back horrific memories of Venus's habitual attacks. The XVS price manipulation incident and its use as a tool for money laundering via BNB's cross-chain bridge are all examples of damage caused by fundamental flaws in Venus's security engineering. As the largest lending protocol on BSC, this is unacceptable. Note: The above is based on reasonable speculation based on the currently disclosed information. The details will be determined based on actual disclosed details.
Why is it always stolen? On the systemic flaws in Venus contract design
Let’s further consider the logical possibilities of Venus Protocol being attacked:
1) Security experts say that some big investors were phished. Conventional wisdom suggests that they could just withdraw funds directly with the private key. How could there be a flash loan?
Most likely, the hacker obtained updateDelegate authorization through social engineering, gaining access to the account of a large investor, but without immediate liquidity to withdraw. In layman's terms, the hacker obtained the authority, but the large investor only had collateral, not the borrowed funds. The hacker had to find a way to obtain the collateral of the large investor.
2) Is it that the individual phishing incidents involving the major investor have nothing to do with the Venus contract? As mentioned earlier, if the hacker discovered that the major investor's account had no liquidity, their efforts would normally be in vain. But why was it possible to withdraw collateral through a simple flash loan attack? The answer lies in the Venus contract mechanism. The hacker may have used flash loans and a series of vToken cross-platform exchange rate differences to help the major investor repay the collateral and even withdraw some extra.
Simply put, it is true that the collateral of the big investors was stolen, but it is very likely that it will become a bad debt of the Venus contract platform, unless the big investors are stupid enough to pay back the platform.
3) While other users' funds are temporarily safe, the Venus platform faces significant liability concerns. While the attack was triggered by a large investor being phished by a social engineering scheme, the platform ultimately profited. The $30 million stolen is likely to become bad debt for the Venus platform, and coupled with the temporary panic and bank run, the impact could be devastating for Venus.
But the greater impact is that this incident has brought back horrific memories of Venus's habitual attacks. The XVS price manipulation incident and its use as a tool for money laundering via BNB's cross-chain bridge are all examples of damage caused by fundamental flaws in Venus's security engineering. As the largest lending protocol on BSC, this is unacceptable. Note: The above is based on reasonable speculation based on the currently disclosed information. The details will be determined based on actual disclosed details.
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
You May Also Like
BitMine koopt $44 miljoen aan ETH
De grootste Ethereum (ETH) treasury ter wereld, BitMine Immersion Technologies, heeft weer toegeslagen op de crypto markt. Uit on-chain data blijkt dat BitMine, ook bekend onder het ticker symbool BMNR, voor $44 miljoen aan ETH munten heeft gekocht. Wat betekent dit voor de grootste altcoin? Check onze Discord Connect met "like-minded" crypto enthousiastelingen Leer gratis de basis van Bitcoin & trading - stap voor stap, zonder voorkennis. Krijg duidelijke uitleg & charts van ervaren analisten. Sluit je aan bij een community die samen groeit. Nu naar Discord BitMine verdubbelt inzet op Ethereum Om precies te zijn koopt BitMine 14.618 ETH munten erbij, goed voor dus $44 miljoen. Zo blijkt uit on-chain gegevens gedeeld door Lookonchain op X. Daarmee tilt de grote Ethereum treasury zijn voorraad naar maar liefst 3,63 miljoen ETH ter waarde van ruim $11 miljard, aldus data van StrategicETHReserve. Daarmee controleert het bedrijf nu 3% van alle Ethereum in omloop. Tom Lee(@fundstrat)’s #Bitmine just bought another 14,618 $ETH($44.34M) 4 hours ago.https://t.co/P684j5Yil8 pic.twitter.com/LHOpDto1R5 — Lookonchain (@lookonchain) November 28, 2025 De ambities liggen desondanks een stuk hoger: BitMine wil uiteindelijk 5% van de volledige ETH voorraad bezitten. Oftewel, we kunnen nog flink wat Ethereum aankopen verwachten van het bedrijf in de komende maanden. Door de aggresssieve ETH strategie van het bedrijf zijn ze bij uitstek de grootste Ethereum reserve. De nummer twee, SharpLink Gaming, bezit ongeveer 859.400 ETH munten ter waarde van zo’n $2,62 miljard. Deze agressieve uitbreiding volgt een duidelijke strategie. BitMine verwacht dat Ethereum een grotere rol in de tokenisatie. Bedrijven bezitten samen al bijna 5,01% van alle ETH, een signaal dat corporates zich voorbereiden op een toekomst waarin Ethereum een basislaag wordt voor financiële infrastructuur. Waarom BitMine zijn treasury blijft uitbreiden BitMine bouwt zijn treasury verder uit omdat het een dominante positie in het Ethereum netwerk wil innemen. Meer ETH geeft BitMine straks hogere staking-opbrengsten en meer invloed op de liquiditeit binnen het netwerk. Ook gelooft BMNR sterk in de rol van Ethereum in de toekomst van financiële infrastructuur. Bestuurslid Tom Lee verwacht dat ETH een dominante speler zal zijn in de stablecoin en tokenisatie markt. Beide sectoren zijn hard aan het groeien, mede dankzij duidelijke wet- en regelgeving onder de Trump administratie zoals de GENIUS Act. Daarnaast gelooft Tom Lee in een zogeheten supercycle voor ETH. Volgens de bekende top analist kan de grootste altcoin zelfs Bitcoin (BTC) voorbijstreven, allemaal dankzij grootschalige adoptie door tokenisatie. Als Ethereum de huidige marketcap van BTC wil evenaren dan zou de ETH koers al op ruim $15.000 komen. ETH en BMNR krabbelen langzaam op uit diepe dip De ethereum prijs reageerde vandaag beperkt op het nieuws. De altcoin steeg over de afgelopen 24 uur met 0,8% tot een huidige koers van $3.050. Daarmee zet de munt samen met de rest van de crypto markt een stijgende trend voort. Na een heftige crash in de afgelopen weken zakte de ETH koers vorige week vrijdag tot onder de $2.700. Ook het BMNR aandeel is langzaam aan het terugkrabbelen. Het ETH treasury bedrijf zakte vorige week tot $26. Een flinke crash ten opzichte van de all time high van $135 dat het bedrijf in juli van dit jaar nog wist te realiseren. De sterke daling van het BMNR aandeel valt samen met een algehele neerwaartse trend onder crypto treasury bedrijven. Ook Strategy, de grootste publieke Bitcoin houder, is ook flink lager aan het handelen vanaf zijn all time. Zo staat het MSTR aandeel momenteel op $175 tegenover een prijs record van $457 in juli. Ethereum (ETH) kopen op Bitvavo Bitvavo - grootste crypto exchange in Nederland Meer dan 340 beschikbare cryptocurrencies Lage transactiekosten Gemakkelijk via iDeal geld storten Professionele traders dashboard Bitvavo review Koop ETH op Bitvavo Let op: cryptocurrency is een zeer volatiele en ongereguleerde investering. Doe je eigen onderzoek. Het bericht BitMine koopt $44 miljoen aan ETH is geschreven door Thomas van Welsenes en verscheen als eerst op Bitcoinmagazine.nl.
Share
Coinstats2025/11/28 20:31
Upbit hack sparks altcoin season in Korea? Thailand targets WLD
The post Upbit hack sparks altcoin season in Korea? Thailand targets WLD appeared on BitcoinEthereumNews.com. Korean crypto bros are pumping altcoins after Upbit’s $36M exploit Korean crypto traders are having an outsize effect on local altcoin prices following a major hack at South Korean exchange Upbit, according to CryptoQuant CEO Ki Young Ju. (Ki Young Ju) “Upbit got hacked and paused withdrawals, but Koreans are pumping alts since arbitrage bots are no longer running,” Ju said in an X post on Thursday, shortly after the exchange halted transaction activity after detecting an “abnormal transaction” with a value of around $36 million. With arbitrage activity suspended, local buy orders are having more significant pressure on prices, allowing Korean-listed altcoins to surge, as the selling pressure that typically puts a ceiling on price increases has disappeared. Crypto trader R2D2 said, “Unbelievable scenes here.” Crypto analyst A79 said, “Hack happens, and Koreans just flip it into a rally.” Upbit announced on Thursday that it had suspended deposits and withdrawals after identifying an unauthorized transaction worth approximately 54 billion won ($36 million), involving mainly Solana-based assets that were transferred to an unidentified wallet address. Assets reportedly affected by the hack include BONK (BONK), Official Trump (TRUMP), MOODENG (MOODENG), and Render (RENDER). Upbit to cover loss to prevent “any damage” to user assets The exchange clarified that while the hot wallet was impacted, its cold wallets — where the majority of user funds are stored — were not compromised. Dunamu CEO Oh Kyung-seok said: “We immediately identified the extent of the digital asset outflow caused by the abnormal withdrawals and will cover the entire amount with Upbit assets to prevent any damage to our members’ assets.” Some industry participants were confused by the fact that all the red numbers Ju shared were positive. StarkWare ecosystem lead Brother Odin was quick to ask the obvious question, before Ju explained that red…
Share
BitcoinEthereumNews2025/11/28 21:20
IOG, Emurgo & CF Unite on 70M ADA Plan to Power Cardano
The post IOG, Emurgo & CF Unite on 70M ADA Plan to Power Cardano appeared on BitcoinEthereumNews.com. Bena Ilyas is a seasoned crypto writer spending over 4 years in the field. While scrolling through her favorite topics in the cryptoverse, she likes to cover the crypto market trends (with a keen eye on Bitcoin, Ethereum, hype-filled altcoins), ETF flows, regularity developments, fintech, blockchain-based games, and everything that relates to crypto or blockchain in some way. Before she dipped into cryptocurrencies in 2020, she was doing her MBA from Islamia University of Bahawalpur, but her curiosity about the fast-paced crypto industry set the stage for her journalism career soon after her MBA completion. Apart from CNF, Bena could be spotted on NewsBTC, Bitcoinist, CoinSpeaker, BTCPolitan, and Fuchawire as her past contribution to cryptocurrencies. Besides her contribution to these renowned crypto outlets, she was admired as an expert crypto trading analyst by the IME Institute BWP. Outside of work, she enjoys reading books and cooking delicious dishes in her spare time. Full Profile Source: https://www.crypto-news-flash.com/70m-ada-plan-to-power-cardanos-defi/?utm_source=rss&utm_medium=rss&utm_campaign=70m-ada-plan-to-power-cardanos-defi
Share
BitcoinEthereumNews2025/11/28 21:11