Let’s further consider the logical possibilities of Venus Protocol being attacked: 1) Security experts say that some big investors were phished. Conventional wisdom suggests that they could just withdraw funds directly with the private key. How could there be a flash loan? Most likely, the hacker obtained updateDelegate authorization through social engineering, gaining access to the account of a large investor, but without immediate liquidity to withdraw. In layman's terms, the hacker obtained the authority, but the large investor only had collateral, not the borrowed funds. The hacker had to find a way to obtain the collateral of the large investor. 2) Is it that the individual phishing incidents involving the major investor have nothing to do with the Venus contract? As mentioned earlier, if the hacker discovered that the major investor's account had no liquidity, their efforts would normally be in vain. But why was it possible to withdraw collateral through a simple flash loan attack? The answer lies in the Venus contract mechanism. The hacker may have used flash loans and a series of vToken cross-platform exchange rate differences to help the major investor repay the collateral and even withdraw some extra. Simply put, it is true that the collateral of the big investors was stolen, but it is very likely that it will become a bad debt of the Venus contract platform, unless the big investors are stupid enough to pay back the platform. 3) While other users' funds are temporarily safe, the Venus platform faces significant liability concerns. While the attack was triggered by a large investor being phished by a social engineering scheme, the platform ultimately profited. The $30 million stolen is likely to become bad debt for the Venus platform, and coupled with the temporary panic and bank run, the impact could be devastating for Venus. But the greater impact is that this incident has brought back horrific memories of Venus's habitual attacks. The XVS price manipulation incident and its use as a tool for money laundering via BNB's cross-chain bridge are all examples of damage caused by fundamental flaws in Venus's security engineering. As the largest lending protocol on BSC, this is unacceptable. Note: The above is based on reasonable speculation based on the currently disclosed information. The details will be determined based on actual disclosed details.Let’s further consider the logical possibilities of Venus Protocol being attacked: 1) Security experts say that some big investors were phished. Conventional wisdom suggests that they could just withdraw funds directly with the private key. How could there be a flash loan? Most likely, the hacker obtained updateDelegate authorization through social engineering, gaining access to the account of a large investor, but without immediate liquidity to withdraw. In layman's terms, the hacker obtained the authority, but the large investor only had collateral, not the borrowed funds. The hacker had to find a way to obtain the collateral of the large investor. 2) Is it that the individual phishing incidents involving the major investor have nothing to do with the Venus contract? As mentioned earlier, if the hacker discovered that the major investor's account had no liquidity, their efforts would normally be in vain. But why was it possible to withdraw collateral through a simple flash loan attack? The answer lies in the Venus contract mechanism. The hacker may have used flash loans and a series of vToken cross-platform exchange rate differences to help the major investor repay the collateral and even withdraw some extra. Simply put, it is true that the collateral of the big investors was stolen, but it is very likely that it will become a bad debt of the Venus contract platform, unless the big investors are stupid enough to pay back the platform. 3) While other users' funds are temporarily safe, the Venus platform faces significant liability concerns. While the attack was triggered by a large investor being phished by a social engineering scheme, the platform ultimately profited. The $30 million stolen is likely to become bad debt for the Venus platform, and coupled with the temporary panic and bank run, the impact could be devastating for Venus. But the greater impact is that this incident has brought back horrific memories of Venus's habitual attacks. The XVS price manipulation incident and its use as a tool for money laundering via BNB's cross-chain bridge are all examples of damage caused by fundamental flaws in Venus's security engineering. As the largest lending protocol on BSC, this is unacceptable. Note: The above is based on reasonable speculation based on the currently disclosed information. The details will be determined based on actual disclosed details.
Why is it always stolen? On the systemic flaws in Venus contract design
Let’s further consider the logical possibilities of Venus Protocol being attacked:
1) Security experts say that some big investors were phished. Conventional wisdom suggests that they could just withdraw funds directly with the private key. How could there be a flash loan?
Most likely, the hacker obtained updateDelegate authorization through social engineering, gaining access to the account of a large investor, but without immediate liquidity to withdraw. In layman's terms, the hacker obtained the authority, but the large investor only had collateral, not the borrowed funds. The hacker had to find a way to obtain the collateral of the large investor.
2) Is it that the individual phishing incidents involving the major investor have nothing to do with the Venus contract? As mentioned earlier, if the hacker discovered that the major investor's account had no liquidity, their efforts would normally be in vain. But why was it possible to withdraw collateral through a simple flash loan attack? The answer lies in the Venus contract mechanism. The hacker may have used flash loans and a series of vToken cross-platform exchange rate differences to help the major investor repay the collateral and even withdraw some extra.
Simply put, it is true that the collateral of the big investors was stolen, but it is very likely that it will become a bad debt of the Venus contract platform, unless the big investors are stupid enough to pay back the platform.
3) While other users' funds are temporarily safe, the Venus platform faces significant liability concerns. While the attack was triggered by a large investor being phished by a social engineering scheme, the platform ultimately profited. The $30 million stolen is likely to become bad debt for the Venus platform, and coupled with the temporary panic and bank run, the impact could be devastating for Venus.
But the greater impact is that this incident has brought back horrific memories of Venus's habitual attacks. The XVS price manipulation incident and its use as a tool for money laundering via BNB's cross-chain bridge are all examples of damage caused by fundamental flaws in Venus's security engineering. As the largest lending protocol on BSC, this is unacceptable. Note: The above is based on reasonable speculation based on the currently disclosed information. The details will be determined based on actual disclosed details.
Market Opportunity
Binance Coin Price(BNB)
$848.2
$848.2$848.2
USD
Binance Coin (BNB) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
You May Also Like
Building a DEXScreener Clone: A Step-by-Step Guide
DEX Screener is used by crypto traders who need access to on-chain data like trading volumes, liquidity, and token prices. This information allows them to analyze trends, monitor new listings, and make informed investment decisions. In this tutorial, I will build a DEXScreener clone from scratch, covering everything from the initial design to a functional app. We will use Streamlit, a Python framework for building full-stack apps.
Share
Hackernoon2025/09/18 15:05
Which DOGE? Musk's Cryptic Post Explodes Confusion
A viral chart documenting a sharp decline in U.S. federal employment during President Trump's second term has sparked unexpected confusion in cryptocurrency markets
Share
Coinstats2025/12/20 01:13
Google's AP2 protocol has been released. Does encrypted AI still have a chance?
Following the MCP and A2A protocols, the AI Agent market has seen another blockbuster arrival: the Agent Payments Protocol (AP2), developed by Google. This will clearly further enhance AI Agents' autonomous multi-tasking capabilities, but the unfortunate reality is that it has little to do with web3AI. Let's take a closer look: What problem does AP2 solve? Simply put, the MCP protocol is like a universal hook, enabling AI agents to connect to various external tools and data sources; A2A is a team collaboration communication protocol that allows multiple AI agents to cooperate with each other to complete complex tasks; AP2 completes the last piece of the puzzle - payment capability. In other words, MCP opens up connectivity, A2A promotes collaboration efficiency, and AP2 achieves value exchange. The arrival of AP2 truly injects "soul" into the autonomous collaboration and task execution of Multi-Agents. Imagine AI Agents connecting Qunar, Meituan, and Didi to complete the booking of flights, hotels, and car rentals, but then getting stuck at the point of "self-payment." What's the point of all that multitasking? So, remember this: AP2 is an extension of MCP+A2A, solving the last mile problem of AI Agent automated execution. What are the technical highlights of AP2? The core innovation of AP2 is the Mandates mechanism, which is divided into real-time authorization mode and delegated authorization mode. Real-time authorization is easy to understand. The AI Agent finds the product and shows it to you. The operation can only be performed after the user signs. Delegated authorization requires the user to set rules in advance, such as only buying the iPhone 17 when the price drops to 5,000. The AI Agent monitors the trigger conditions and executes automatically. The implementation logic is cryptographically signed using Verifiable Credentials (VCs). Users can set complex commission conditions, including price ranges, time limits, and payment method priorities, forming a tamper-proof digital contract. Once signed, the AI Agent executes according to the conditions, with VCs ensuring auditability and security at every step. Of particular note is the "A2A x402" extension, a technical component developed by Google specifically for crypto payments, developed in collaboration with Coinbase and the Ethereum Foundation. This extension enables AI Agents to seamlessly process stablecoins, ETH, and other blockchain assets, supporting native payment scenarios within the Web3 ecosystem. What kind of imagination space can AP2 bring? After analyzing the technical principles, do you think that's it? Yes, in fact, the AP2 is boring when it is disassembled alone. Its real charm lies in connecting and opening up the "MCP+A2A+AP2" technology stack, completely opening up the complete link of AI Agent's autonomous analysis+execution+payment. From now on, AI Agents can open up many application scenarios. For example, AI Agents for stock investment and financial management can help us monitor the market 24/7 and conduct independent transactions. Enterprise procurement AI Agents can automatically replenish and renew without human intervention. AP2's complementary payment capabilities will further expand the penetration of the Agent-to-Agent economy into more scenarios. Google obviously understands that after the technical framework is established, the ecological implementation must be relied upon, so it has brought in more than 60 partners to develop it, almost covering the entire payment and business ecosystem. Interestingly, it also involves major Crypto players such as Ethereum, Coinbase, MetaMask, and Sui. Combined with the current trend of currency and stock integration, the imagination space has been doubled. Is web3 AI really dead? Not entirely. Google's AP2 looks complete, but it only achieves technical compatibility with Crypto payments. It can only be regarded as an extension of the traditional authorization framework and belongs to the category of automated execution. There is a "paradigm" difference between it and the autonomous asset management pursued by pure Crypto native solutions. The Crypto-native solutions under exploration are taking the "decentralized custody + on-chain verification" route, including AI Agent autonomous asset management, AI Agent autonomous transactions (DeFAI), AI Agent digital identity and on-chain reputation system (ERC-8004...), AI Agent on-chain governance DAO framework, AI Agent NPC and digital avatars, and many other interesting and fun directions. Ultimately, once users get used to AI Agent payments in traditional fields, their acceptance of AI Agents autonomously owning digital assets will also increase. And for those scenarios that AP2 cannot reach, such as anonymous transactions, censorship-resistant payments, and decentralized asset management, there will always be a time for crypto-native solutions to show their strength? The two are more likely to be complementary rather than competitive, but to be honest, the key technological advancements behind AI Agents currently all come from web2AI, and web3AI still needs to keep up the good work!
Share
PANews2025/09/18 07:00