Let’s further consider the logical possibilities of Venus Protocol being attacked: 1) Security experts say that some big investors were phished. Conventional wisdom suggests that they could just withdraw funds directly with the private key. How could there be a flash loan? Most likely, the hacker obtained updateDelegate authorization through social engineering, gaining access to the account of a large investor, but without immediate liquidity to withdraw. In layman's terms, the hacker obtained the authority, but the large investor only had collateral, not the borrowed funds. The hacker had to find a way to obtain the collateral of the large investor. 2) Is it that the individual phishing incidents involving the major investor have nothing to do with the Venus contract? As mentioned earlier, if the hacker discovered that the major investor's account had no liquidity, their efforts would normally be in vain. But why was it possible to withdraw collateral through a simple flash loan attack? The answer lies in the Venus contract mechanism. The hacker may have used flash loans and a series of vToken cross-platform exchange rate differences to help the major investor repay the collateral and even withdraw some extra. Simply put, it is true that the collateral of the big investors was stolen, but it is very likely that it will become a bad debt of the Venus contract platform, unless the big investors are stupid enough to pay back the platform. 3) While other users' funds are temporarily safe, the Venus platform faces significant liability concerns. While the attack was triggered by a large investor being phished by a social engineering scheme, the platform ultimately profited. The $30 million stolen is likely to become bad debt for the Venus platform, and coupled with the temporary panic and bank run, the impact could be devastating for Venus. But the greater impact is that this incident has brought back horrific memories of Venus's habitual attacks. The XVS price manipulation incident and its use as a tool for money laundering via BNB's cross-chain bridge are all examples of damage caused by fundamental flaws in Venus's security engineering. As the largest lending protocol on BSC, this is unacceptable. Note: The above is based on reasonable speculation based on the currently disclosed information. The details will be determined based on actual disclosed details.Let’s further consider the logical possibilities of Venus Protocol being attacked: 1) Security experts say that some big investors were phished. Conventional wisdom suggests that they could just withdraw funds directly with the private key. How could there be a flash loan? Most likely, the hacker obtained updateDelegate authorization through social engineering, gaining access to the account of a large investor, but without immediate liquidity to withdraw. In layman's terms, the hacker obtained the authority, but the large investor only had collateral, not the borrowed funds. The hacker had to find a way to obtain the collateral of the large investor. 2) Is it that the individual phishing incidents involving the major investor have nothing to do with the Venus contract? As mentioned earlier, if the hacker discovered that the major investor's account had no liquidity, their efforts would normally be in vain. But why was it possible to withdraw collateral through a simple flash loan attack? The answer lies in the Venus contract mechanism. The hacker may have used flash loans and a series of vToken cross-platform exchange rate differences to help the major investor repay the collateral and even withdraw some extra. Simply put, it is true that the collateral of the big investors was stolen, but it is very likely that it will become a bad debt of the Venus contract platform, unless the big investors are stupid enough to pay back the platform. 3) While other users' funds are temporarily safe, the Venus platform faces significant liability concerns. While the attack was triggered by a large investor being phished by a social engineering scheme, the platform ultimately profited. The $30 million stolen is likely to become bad debt for the Venus platform, and coupled with the temporary panic and bank run, the impact could be devastating for Venus. But the greater impact is that this incident has brought back horrific memories of Venus's habitual attacks. The XVS price manipulation incident and its use as a tool for money laundering via BNB's cross-chain bridge are all examples of damage caused by fundamental flaws in Venus's security engineering. As the largest lending protocol on BSC, this is unacceptable. Note: The above is based on reasonable speculation based on the currently disclosed information. The details will be determined based on actual disclosed details.

Why is it always stolen? On the systemic flaws in Venus contract design

By: PANews

2025/09/03 13:00

WHY$0.00000002714-2.58%

Let’s further consider the logical possibilities of Venus Protocol being attacked:

1) Security experts say that some big investors were phished. Conventional wisdom suggests that they could just withdraw funds directly with the private key. How could there be a flash loan?

Most likely, the hacker obtained updateDelegate authorization through social engineering, gaining access to the account of a large investor, but without immediate liquidity to withdraw. In layman's terms, the hacker obtained the authority, but the large investor only had collateral, not the borrowed funds. The hacker had to find a way to obtain the collateral of the large investor.

2) Is it that the individual phishing incidents involving the major investor have nothing to do with the Venus contract? As mentioned earlier, if the hacker discovered that the major investor's account had no liquidity, their efforts would normally be in vain. But why was it possible to withdraw collateral through a simple flash loan attack? The answer lies in the Venus contract mechanism. The hacker may have used flash loans and a series of vToken cross-platform exchange rate differences to help the major investor repay the collateral and even withdraw some extra.

Simply put, it is true that the collateral of the big investors was stolen, but it is very likely that it will become a bad debt of the Venus contract platform, unless the big investors are stupid enough to pay back the platform.

3) While other users' funds are temporarily safe, the Venus platform faces significant liability concerns. While the attack was triggered by a large investor being phished by a social engineering scheme, the platform ultimately profited. The $30 million stolen is likely to become bad debt for the Venus platform, and coupled with the temporary panic and bank run, the impact could be devastating for Venus.

But the greater impact is that this incident has brought back horrific memories of Venus's habitual attacks. The XVS price manipulation incident and its use as a tool for money laundering via BNB's cross-chain bridge are all examples of damage caused by fundamental flaws in Venus's security engineering. As the largest lending protocol on BSC, this is unacceptable. Note: The above is based on reasonable speculation based on the currently disclosed information. The details will be determined based on actual disclosed details.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

Share Insights