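[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-292m-defi-hack-security-reset-zh":3,"tags-292m-defi-hack-security-reset-zh":37,"related-lang-292m-defi-hack-security-reset-zh":46,"related-posts-292m-defi-hack-security-reset-zh":50,"series-blockchain-79a846c4-8dcc-4f59-b152-6c57201f0616":87},{"id":4,"title":5,"content":6,"summary":7,"source":8,"source_url":9,"author":10,"image_url":11,"keywords":12,"language":21,"translated_content":10,"views":22,"is_premium":23,"created_at":24,"updated_at":24,"cover_image":11,"published_at":25,"rewrite_status":26,"rewrite_error":10,"rewritten_from_id":27,"slug":28,"category":29,"related_article_id":30,"status":31,"google_indexed_at":32,"x_posted_at":10,"tweet_text":10,"title_rewritten_at":10,"title_original":10,"key_takeaways":33,"topic_cluster_id":10,"embedding":10,"is_canonical_seed":23},"79a846c4-8dcc-4f59-b152-6c57201f0616","The Security Reset After the 292M DeFi Attack","\u003Cp data-speakable=\"summary\">The $292 million attack on Kelp DAO has DeFi re-examining its security, governance and collateral rules.\u003C\u002Fp>\u003Cp>This was not just a case of stolen funds. It happened just as names like \u003Ca href=\"https:\u002F\u002Fwww.morpho.org\" target=\"_blank\" rel=\"noopener\">Morpho\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.blackrock.com\" target=\"_blank\" rel=\"noopener\">BlackRock\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fapp.uniswap.org\" target=\"_blank\" rel=\"noopener\">Uniswap\u003C\u002Fa> were all moving closer to on-chain markets. Honestly, the timing could not have been worse.\u003C\u002Fp>\u003Cp>The problem is not only the size of the loss. An incident like this runs straight into institutional risk-control processes. Picture it: asset managers, compliance, audit and investment committees will all start asking the same thing: can this system actually be relied on?\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>Metric\u003C\u002Fth>\u003Cth>Value\u003C\u002Fth>\u003Cth>Significance\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>Kelp DAO attack loss\u003C\u002Ftd>\u003Ctd>$292 million\u003C\u002Ftd>\u003Ctd>The incident hit DeFi's baseline of trust directly\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Apollo Global Management assets\u003C\u002Ftd>\u003Ctd>$900 billion\u003C\u002Ftd>\u003Ctd>Shows institutional money really is looking at on-chain markets\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Janus Henderson assets\u003C\u002Ftd>\u003Ctd>About $500 billion\u003C\u002Ftd>\u003Ctd>Large asset managers now treat on-chain finance as serious business\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>RWA market growth\u003C\u002Ftd>\u003Ctd>Grown 6-fold since 2025\u003C\u002Ftd>\u003Ctd>Tokenized real-world assets are moving into the core of DeFi\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>Why this attack hurts so much\u003C\u002Fh2>\u003Cp>The Kelp DAO incident did not hit just one protocol. It hit the whole \u003Ca href=\"\u002Ftag\u002Fdefi\">DeFi\u003C\u002Fa> narrative. People used to be able to write attacks off as “crypto-native risk.” Not any more, because on-chain markets now touch funds, credit, notes and all kinds of RWAs.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778022659288-t8rw.png\" alt=\"The Security Reset After the 292M DeFi Attack\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>Put plainly, DeFi is no longer a game played only by crypto natives. It now deals with institutions that look at capital protection, compliance documentation and governance records. These people will not walk in blind just because you offer a high APY. What they look at first is who is accountable when something goes wrong, and whether the rules can stop an attack.\u003C\u002Fp>\u003Cp>That is also why this loss has grown into a trust problem. An attacker does not need to break through the whole system. Finding a single hole in governance, bridging, collateral or permission management is enough to make the entire market start to doubt.\u003C\u002Fp>\u003Cul>\u003Cli>The attack came as institutional adoption of on-chain products was heating up.\u003C\u002Fli>\u003Cli>Large asset managers have already begun testing tokenized markets.\u003C\u002Fli>\u003Cli>Security flaws now directly affect decisions about capital on the scale of tens of billions.\u003C\u002Fli>\u003Cli>DeFi's failures will be measured against traditional finance's risk controls.\u003C\u002Fli>\u003C\u002Ful>\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.janushenderson.com\" target=\"_blank\" rel=\"noopener\">Nick Cherney\u003C\u002Fa>, head of innovation at Janus Henderson, put it bluntly. He called it “a speed bump for sure, but not a roadblock.”\u003C\u002Fp>\u003Cblockquote>“This is a speed bump for sure, but not a roadblock,” said Nick Cherney, head of innovation at Janus Henderson.\u003C\u002Fblockquote>\u003Cp>It is a telling remark. It does not whitewash DeFi. It says institutions will not pull out entirely over a single attack, but they will demand more controls. Stricter thresholds will become the new normal.\u003C\u002Fp>\u003Ch2>What holes DeFi has to patch next\u003C\u002Fh2>\u003Cp>Paul Vijender, head of security at \u003Ca href=\"https:\u002F\u002Fwww.gauntlet.xyz\" target=\"_blank\" rel=\"noopener\">Gauntlet\u003C\u002Fa>, raised a very practical point. DeFi and on-chain asset management live in a hostile environment. Every weakness gets scanned. Every governance action may be watched.\u003C\u002Fp>\u003Cp>So the question is not “should we add security?” It is “how many layers of security?” With only a single safeguard, everything blows up at once when something goes wrong. You cannot rely on one multisig alone, or one timelock alone, and assume all is well.\u003C\u002Fp>\u003Cp>What actually works is breaking risk apart. Keep errors from spreading all the way through. Keep governance changes from happening too fast. Keep permissions from concentrating in a few hands. It all sounds boring, but finance is supposed to be boring.\u003C\u002Fp>\u003Cul>\u003Cli>Zero-trust architecture, which assumes nothing is safe by default.\u003C\u002Fli>\u003Cli>Governance timelocks, so changes cannot be pushed through quickly.\u003C\u002Fli>\u003Cli>Stricter multi-signature permission controls.\u003C\u002Fli>\u003Cli>Tougher collateral rules and bridge security mechanisms.\u003C\u002Fli>\u003C\u002Ful>\u003Cp>\u003Ca href=\"https:\u002F\u002Fre7capital.com\" target=\"_blank\" rel=\"noopener\">Re7 Capital\u003C\u002Fa> founder Evgeny Gokhberg is equally direct. In his view these can no longer be just “best practices.” They have to become the baseline.\u003C\u002Fp>\u003Cp>The difference is large. A best practice is something you do when you have time. A baseline means you do not launch without it. For protocols that want to touch institutional money, that line will only get harder.\u003C\u002Fp>\u003Ch2>What institutions actually care about\u003C\u002Fh2>\u003Cp>\u003Ca href=\"https:\u002F\u002Fcentrifuge.io\" target=\"_blank\" rel=\"noopener\">Centrifuge Labs\u003C\u002Fa> CEO Bhaji Illuminati put it precisely. Traditional finance took decades to build up today's risk controls, regulation and clearing processes. DeFi is trying to fill in the same set in a shorter time, so the pressure is heavy to begin with.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778022660686-klyg.png\" alt=\"The Security Reset After the 292M DeFi Attack\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>Institutions do not look at yield alone. They look at asset ownership, legal wrappers, audit readability and liquidity under market stress. If you only run smoothly in calm markets and seize up at the first sign of volatility, you hold little appeal for large capital.\u003C\u002Fp>\u003Cp>So the point now is not to make DeFi sound trendy. The point is to turn trust into something verifiable: something that can be looked up, calculated and audited. That is the language institutions will buy.\u003C\u002Fp>\u003Cul>\u003Cli>Verifiable collateral.\u003C\u002Fli>\u003Cli>Predictable smart contract behavior.\u003C\u002Fli>\u003Cli>Liquidity that holds up under stress scenarios.\u003C\u002Fli>\u003Cli>Legal structures that meet compliance requirements.\u003C\u002Fli>\u003C\u002Ful>\u003Cp>CoinDesk, citing data from \u003Ca href=\"https:\u002F\u002Frwa.xyz\" target=\"_blank\" rel=\"noopener\">RWA.xyz\u003C\u002Fa>, reports that the RWA market has grown 6-fold since 2025. That is not a small number. It means on-chain finance is no longer just circulating within crypto circles and has really begun to touch mainstream asset management processes.\u003C\u002Fp>\u003Cp>That is also why the meaning of a security incident has changed. It used to be that a protocol went down and the community complained for a while. Now, when a protocol slips up, institutions recalculate their risk weights.\u003C\u002Fp>\u003Ch2>Who changes first, and who gets weeded out\u003C\u002Fh2>\u003Cp>I think the first thing to change will not be some flashy new protocol. It will be the defaults. More timelocks. More governance approvals. Tougher collateral thresholds. Clearer incident disclosure processes.\u003C\u002Fp>\u003Cp>This will split DeFi into two groups. The first is protocols that can take institutional money. They will be more conservative, and less pretty. The second will still attract traders but will struggle to get money from large asset managers. This divide will most likely only become more pronounced.\u003C\u002Fp>\u003Cp>If you are a developer, my advice is simple. Do not just write a yield page. Document your risk controls clearly. Lay out your permissions, upgrade paths, emergency stop mechanisms and audit records in the open. Only projects that can explain themselves clearly have a chance at bigger money.\u003C\u002Fp>\u003Ch2>The test this attack leaves for DeFi\u003C\u002Fh2>\u003Cp>This incident is not the end of DeFi. It is more like a forced correction. The market no longer looks only at who has the highest APY. It now also looks at whose governance is a little slower, whose permissions are a little narrower, and whose mistakes will not spread into a disaster.\u003C\u002Fp>\u003Cp>The teams with a real chance in the next round will be the ones that make risk boring. Unglamorous, but important. As capital on the scale of Apollo and BlackRock keeps moving on-chain, protocols can no longer get by on “community trust.”\u003C\u002Fp>\u003Cp>If a protocol cannot explain its own security mechanisms in plain language, it is probably not ready to take institutional money. That is a harsh statement, but I think it is a fair one. Would you sooner trust a team that can talk about risk controls, or one that can only tell stories?\u003C\u002Fp>","After the Kelp DAO attack, on the scale of US$29.2 million, DeFi has begun tightening its governance, collateral and security rules, and institutional money is paying closer attention to risk control.","www.coindesk.com","https:\u002F\u002Fwww.coindesk.com\u002Fbusiness\u002F2026\u002F05\u002F02\u002Fthe-usd292m-crypto-hack-exposed-defi-s-weak-spots-here-s-what-must-change-insiders-say",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778022659288-t8rw.png",[13,14,15,16,17,18,19,20],"DeFi","Kelp DAO","區塊鏈安全","RWA","機構採用","資產管理","治理風險","智慧合約","zh",1,false,"2026-05-05T23:10:37.83391+00:00","2026-05-05T23:10:37.811+00:00","done","5d1790ed-9bde-461d-a3e5-909d46e618a5","292m-defi-hack-security-reset-zh","blockchain","fb553714-a1cd-4623-ab8d-637ecd4abb63","published","2026-05-06T09:00:21.531+00:00",[34,35,36],"The $292 million attack has forced DeFi to raise its security and governance standards.","With institutional money coming in, protocols must make risk controls a verifiable baseline.","The DeFi that can take big money in the future will be more conservative and put more weight on permissions and audits.",[38,40,41,42,44],{"name":16,"slug":39},"rwa",{"name":17,"slug":17},{"name":15,"slug":15},{"name":14,"slug":43},"kelp-dao",{"name":13,"slug":45},"defi",{"id":30,"slug":47,"title":48,"language":49},"292m-defi-hack-security-reset-en","$292M DeFi hack forces a security 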
reset","en",[51,57,63,69,75,81],{"id":52,"slug":53,"title":54,"cover_image":55,"image_url":55,"created_at":56,"category":29},"8c37fa14-a081-4810-b5b8-2a2a184a7d1d","web3-communication-trust-infrastructure-2026-zh","Web3 communication is becoming trust infrastructure","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778797251989-it0w.png","2026-05-14T22:20:32.600359+00:00",{"id":58,"slug":59,"title":60,"cover_image":61,"image_url":61,"created_at":62,"category":29},"9059e494-8f72-4c34-a888-2424c682da10","why-bases-x402-protocol-matters-more-than-100m-zh","Why Base's x402 protocol matters more than the $100 million milestone","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778719260627-a0va.png","2026-05-14T00:40:19.962138+00:00",{"id":64,"slug":65,"title":66,"cover_image":67,"image_url":67,"created_at":68,"category":29},"74969a5b-7ec5-4686-80ee-fa39a5cc43d4","gala-games-web3-gaming-2026-zh","Gala Games regains its presence in Web3 gaming","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778689265110-p0y5.png","2026-05-13T16:20:41.782583+00:00",{"id":70,"slug":71,"title":72,"cover_image":73,"image_url":73,"created_at":74,"category":29},"d330d44a-4eff-4ba6-aa72-5ef246e31c64","why-lace-20-matters-more-than-cardanos-next-hard-fork-zh","Why Lace 2.0 matters more than Cardano's next hard fork","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778681462051-f600.png","2026-05-13T14:10:25.488549+00:00",{"id":76,"slug":77,"title":78,"cover_image":79,"image_url":79,"created_at":80,"category":29},"0af0a4b2-b0a1-4a52-8fe9-1328bde87c8e","why-ethereum-treasury-buying-is-a-bad-bet-zh","Why Ethereum Treasury Buying is turning into a poor long…","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778386236909-ytls.png","2026-05-10T04:10:21.784208+00:00",{"id":82,"slug":83,"title":84,"cover_image":85,"image_url":85,"created_at":86,"category":29},"ab3ef302-99ee-40b3-b2d0-4b67a9049ec4","yakovenko-warns-ai-could-crack-pqc-wallets-zh","Yakovenko warns: AI could crack PQC wallets","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778170266863-wnnh.png","2026-05-07T16:10:41.097774+00:00",[88,93,98,103,108,113,118,123,128,133],{"id":89,"slug":90,"title":91,"created_at":92},"e1b4b518-f86b-410c-8c82-8cfb787ff2ef","moonpay-open-wallet-standard-ai-payments-zh","MoonPay launches OWS, targeting AI payments","2026-03-28T03:08:33.379969+00:00",{"id":94,"slug":95,"title":96,"created_at":97},"e72bae29-ddbd-437b-aaa4-cd662605394b","next-gen-crypto-simulators-ai-web3-training-zh","Next-generation crypto simulators have gotten smarter","2026-04-01T09:36:33.917023+00:00",{"id":99,"slug":100,"title":101,"created_at":102},"b8e39b58-6b9d-4714-92d3-26df18a3e0f4","rtk-cuts-claude-code-token-spend-zh","RTK helps Claude Code burn fewer tokens","2026-04-01T10:24:29.259497+00:00",{"id":104,"slug":105,"title":106,"created_at":107},"7ff10146-4ca0-4670-a02c-384dde04f610","trm-labs-ai-agents-crypto-investigations-zh","TRM Labs brings AI agents into crypto investigations","2026-04-01T10:33:30.166266+00:00",{"id":109,"slug":110,"title":111,"created_at":112},"00668dea-9f0e-4019-b861-03817d5a8877","how-web3-marketing-changed-in-2026-zh","How Web3 marketing changed in 2026","2026-04-02T01:36:34.973322+00:00",{"id":114,"slug":115,"title":116,"created_at":117},"e7992274-42ee-40bc-bb05-97250098c56c","ai-agentic-defi-web3-grants-march-2026-zh","AI, Agentic DeFi and Web3 grants","2026-04-02T05:51:36.857954+00:00",{"id":119,"slug":120,"title":121,"created_at":122},"5cef810b-af3d-467a-8b41-627769eca895","why-crypto-is-fixated-on-ai-agents-zh","Why crypto is fixated on AI agents","2026-04-02T05:54:28.919864+00:00",{"id":124,"slug":125,"title":126,"created_at":127},"d30e6203-d522-41a1-b529-fcf4499cd985","web3-explained-what-it-is-why-it-matters-zh","What Web3 is and why it matters","2026-04-02T06:15:32.580114+00:00",{"id":129,"slug":130,"title":131,"created_at":132},"f29e65ae-64df-463b-ba22-afd9dcbd0f8f","trust-wallet-agent-kit-ai-trade-25-chains-zh","Trust Wallet lets AI trade for you","2026-04-02T06:27:33.183404+00:00",{"id":134,"slug":135,"title":136,"created_at":137},"91022b4c-b53e-4c18-abfe-914a8eca6e28","blockchain-in-ai-real-use-cases-zh","Blockchain plus AI: where the real use cases are","2026-04-02T06:30:44.026286+00:00"]