On March 22, 2026, in Eastern Eight Time, the two major DeFi protocols, Venus and Resolv, were exposed to security incidents on the same day: the former suffered malicious asset extraction and sell-off, while the latter was exploited through a minting logic vulnerability to create a large number of tokens. On the surface, this appears to be a typical on-chain security black swan, but the actual flow of on-chain funds provided an unexpected result—after completing arbitrage, the two attackers did not choose to retain large amounts of dollar assets like USDC; instead, they concentrated on exchanging for approximately 13,700 ETH, equivalent to about 28.56 million dollars in buy orders at that time. Security incidents should have undermined market confidence, yet short-term, they provided support for ETH, making this sense of dislocation of “hackers wreaking havoc → mainstream assets benefiting passively” the most bizarre scene in the current crypto narrative.

Venus's hacked funds escaped but...

In the Venus incident, the attacker's path was relatively straightforward: first extracting assets from positions through a contract vulnerability and then selling them in batches on the secondary market. On-chain data shows that they sold 2,178 BNB, 20 BTC, and 1.466 million CAKE, opting for a typical escape rhythm of "selling while converting"—first quickly dumping high liquidity assets like BNB, BTC, and CAKE into the market to gain mainstream liquidity, then uniformly converting into ETH.

Ultimately, this round of selling was recorded as exchanging for approximately 2,257.3 ETH, which equates to about 4.72 million dollars at the time. This means that the hacking of Venus did not result in selling pressure on ETH, but rather in a passive "reallocation" from assets like BNB, BTC, and CAKE to ETH. Under the current market environment, this volume of buying is not remarkable, but it was enough to provide visible support on the order book in a short time.

This method's impact on the emotions of the sold assets and the Venus ecosystem was far greater than the numbers themselves. BNB, BTC, and CAKE bore the brunt of concentrated selling pressure in a short time, and the relevant trading pairs showed significant transaction volume and price declines during the attack window; meanwhile, users in the Venus ecosystem saw their protocol's assets sold off by hackers as "chips," which objectively amplified doubts about the protocol's risk control capabilities and token value support. Even if not all funds came from ordinary user positions, such a scene was still enough to create a loss of trust on an emotional level.

Resolv's minting vulnerability ignited...

Compared to Venus’s “traditional withdrawal-sale” path, the Resolv incident showcased a textbook example of contract logic vulnerabilities: the attacker used only 200,000 USDC to exploit a minting vulnerability, generating 80 million USR. The core issue was not the size of the amount but that the contract failed to effectively limit the minting cap or collateral ratio, allowing the attacker to leverage a minimal cost to create a far greater supply of tokens, instantly breaking the price anchoring logic of USR.

After completing the abnormal minting, the attacker began to rhythmically sell their USR holdings. Among them, 43.26 million USR were sold in batches, ultimately exchanging for 11,437 ETH, equivalent to about 23.84 million dollars at the time, which again shifted funds into ETH. This means that the Resolv incident alone provided ETH with more than five times the passive buying interest compared to Venus, and its marginal effect on short-term liquidity was far greater than the latter.

Even more striking was the falling price trajectory of USR itself. In this round of sell-off, the remaining 36.74 million USR faced liquidity pressure and loss of confidence, with prices crashing below the original anchoring level, showing a reported price drop of approximately 88%, leaving a market value of only about 2.04 million dollars. The market presented a typical “stampede-style market” scene: buy orders were quickly extinguished, deep limit orders were eaten away one by one, and after slippage amplified, a domino-like selling was triggered, making it nearly impossible for ordinary holders to exit at reasonable prices; they could only passively take on losses in the waterfall or choose to take their losses and leave.

How security incidents unintentionally stacked up an ETH buying wall

When combining the two incidents, a rather ironic total emerges: the Venus attacker exchanged for 2,257.3 ETH, and the Resolv attacker exchanged for 11,437 ETH, totaling approximately 13,700 ETH, corresponding to about 28.56 million dollars in buy orders. On-chain analyst Yujin's statistics also provided similarly scaled data, indicating that on March 22, 2026, a large portion of ETH's spot buying came from the “forced buying” triggered by these two security incidents.

What is particularly intriguing is that the attackers ultimately chose to concentrate on converting into ETH rather than remaining in dollar assets like USDC on the secondary market long-term. As for motives, we cannot and should not speculate in detail, but we can reasonably make several abstract hypotheses: first, ETH, being a mainstream asset, has robust on-chain liquidity, anonymity, and transferability, making it more practical for attacking funds seeking to quickly diversify risks; second, under the increasing compliance pressure and on-chain monitoring, the perceived risk of holding large amounts of centralized dollar assets could be higher than that of mainstream public chain assets; third, ETH has richer depth and cash-out channels in the secondary market, facilitating gradual liquidation later.

From the order book structure, this passive buy order of approximately 28.56 million dollars clearly posed a positive impact on ETH’s short-term spot liquidity. Concentrated buying during a window following the attacks essentially gave ETH a “temporary buy wall,” buffering against the impact of other selling pressures at that time. However, this support has obvious limits in terms of marginal impact and time: firstly, such buy orders are one-off without any expected continuity; secondly, once attackers start reverse selling ETH to realize profits, this buy wall could transform into additional selling pressure at some point in the future; thirdly, this buy order stems from a protocol security flaw, which does not constitute a positive improvement to ETH's fundamentals or valuation logic. Therefore, viewing it as a short-term liquidity event rather than a trend-positive factor may be closer to the truth.

DeFi hackers' arbitrage and protocol security...

The incidents of Venus and Resolv appear to be different attack paths on the surface: one leaning towards asset extraction and the other towards minting logic; however, what is exposed behind them is a shared set of shortcomings in DeFi protocols concerning risk control and contract auditing. Firstly, protocols often heavily rely on oracles, price anchoring, and internal bookkeeping coordination when designing collateral and minting logic; if any link has boundary conditions uncovered, permission checks overlooked, or extreme scenarios unsimulated, attackers may leverage a minimal cost to manipulate the entire asset pool. Secondly, traditional auditing processes primarily focus on main contract logic, insufficiently covering peripheral modules, upgrade logic, risk switches, and other “grey areas,” leaving room for complex attacks.

This issue is not an isolated case. Recent disclosures by the security team 360 Security Cloud of the high-risk vulnerability of OpenClaw Gateway further verified the universality of security risks: even components that were repeatedly stated to have been audited could still harbor high-risk flaws in gateway permissions, invocation boundaries, and cross-contract interactions. For ordinary users, phrases commonly used by project teams like “already audited” or “collateral pool intact” do not constitute a genuine security commitment, but only indicate that some risks have been checked under known scenarios.

The follow-up statement from the Resolv incident also amplified this cognitive disconnect. The project emphasized that the collateral pool remains intact, and there are no losses of underlying assets, which is not necessarily inaccurate from an asset-liability perspective; however, in the face of the reality of a 88% crash in USR prices, holders directly felt the dramatic shrinkage of their book value. In other words, the protocol’s claim that “the pool hasn't lost money” and users’ experience that “the tokens in hand are worthless” can coexist; the gap between the two reflects the largest vacuum in current DeFi risk perception: the project believes itself to be secure, while users bear all minting and liquidity risks in market pricing.

The tug-of-war between short-term benefits and long-term unease

Overall, the simultaneous security incidents at Venus and Resolv brought about approximately 28.56 million dollars in passive buying for ETH, constituting a short-term benefit in price, yet forming a paradox that is hard to reconcile logically: the more protocols are hacked, the more arbitrage funds flow into ETH, making ETH appear to be the “ultimate absorber” of security incidents. This inverse bullishness is fundamentally unsustainable, as it is based on protocol security failures and user losses rather than any healthy improvement in fundamentals.

Looking ahead, whether in regulatory implications or industry self-discipline, it is highly likely that there will be continued intensification of contract security: including but not limited to stricter code disclosure requirements, higher standards for audit thresholds, more detailed risk control plans, and emergency mechanisms, etc. However, without more public information and institutional details, predicting specific regulatory paths or timelines would be irresponsible, and this article will not delve further.

For investors, a more realistic lesson is to learn to actively separate the two curves: one is the price performance of on-chain assets, such as the additional buying and price support ETH gained in the short term; the other is the operational security of underlying protocols, like the logical flaws and governance vulnerabilities exposed by Venus and Resolv. When these two curves show significant mismatches—prices are firm or even rising while risks accumulate quietly at the bottom—relying solely on candlestick charts for decision-making can become exceedingly dangerous. Whether one can see through this structural contradiction beyond emotions and narratives might determine who survives in the next wave of volatility.

Join our community to discuss and grow stronger together!
Official Telegram community: https://t.me/aicoincn
AiCoin Chinese Twitter: https://x.com/AiCoinzh

OKX welfare group: https://aicoin.com/link/chat?cid=l61eM4owQ
Binance welfare group: https://aicoin.com/link/chat?cid=ynr7d1P6Z

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。