
Edel Finance halts lending after 7,700% phantom collateral exploit

The $403K bad debt was small, but the failure mode is one DeFi can't stop hitting: manipulating a protocol's view of a price rather than the price itself, this time through a tokenized Google share.


Edel Finance paused its version-one lending protocol on Tuesday after an attacker inflated the value of a wrapped tokenized Google share to about 78 times its real price and borrowed against it, leaving roughly $403,000 in bad debt. The target was wGOOGLx, the wrapped form of GOOGLx, which Edel accepted as collateral on its lending market.

The pricing was not the weak point. Edel said its Chainlink oracles correctly reported Alphabet's share price at around $357. The flaw sat in the wrapping mechanism, in how GOOGLx converted to and from wGOOGLx, which let the attacker borrow real assets against mispriced collateral even as the underlying price feed stayed accurate.

Why it matters

The exploit lands in one of DeFi's most persistent categories of attack: manipulating the price a protocol reads rather than breaking into the protocol itself. CertiK and the OWASP Smart Contract Top 10 both flag oracle and price-manipulation vectors as among the field's most common, sitting only behind cross-chain bridge flaws, which produced the year's largest single thefts including the $292 million drained from Kelp DAO in April. In most of these incidents, the code behaves exactly as written; the loss is a logic gap the authors did not anticipate.

Tokenized equities add a fresh layer to that surface. Putting real-world stocks like Google onchain introduces wrapping and conversion steps between the share and the price, and every additional step is another place for an attacker to wedge in a mispricing that the upstream oracle never sees.
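To make the gap concrete, here is an added example (not Edel's code and not from the original report) that models collateral valued as amount × wrapper rate × oracle price, with a guard on the one input the oracle never sees. The honest rate of 1.0, the 100-token position, the `RateGuard` class and its 1%-per-day growth bound are all assumptions chosen for illustration; the page does not describe how Edel's wrapper computed its rate or what version two enforces.

```python
from dataclasses import dataclass

ORACLE_PRICE_USD = 357.0  # Alphabet price the article says the oracle reported
HONEST_RATE = 1.0         # assumed: 1 wGOOGLx redeems for about 1 GOOGLx
DAY = 86_400

def collateral_value(wrapped_amount: float, rate: float, oracle_price: float) -> float:
    """USD value of wrapped collateral: amount x wrapper rate x underlying price."""
    return wrapped_amount * rate * oracle_price

def inflation_pct(observed_rate: float, honest_rate: float) -> float:
    """How far the wrapper rate sits above its honest value, in percent."""
    return (observed_rate - honest_rate) / honest_rate * 100.0

@dataclass
class RateGuard:
    """Bounds how fast the wrapper rate used for pricing may grow (hypothetical control)."""
    last_rate: float
    last_ts: int
    max_growth_per_day: float = 0.01  # assumed policy: at most +1% per day

    def priced_rate(self, reported_rate: float, now: int) -> tuple[float, bool]:
        """Return (rate to price with, alarm). Upward jumps past the cap are
        clamped and flagged; lower rates pass through, since under-valuing
        collateral is the safe direction for a lender."""
        if reported_rate <= 0 or now < self.last_ts:
            raise ValueError("invalid rate observation")
        elapsed_days = (now - self.last_ts) / DAY
        cap = self.last_rate * (1.0 + self.max_growth_per_day * elapsed_days)
        alarm = reported_rate > cap
        used = cap if alarm else reported_rate
        self.last_rate, self.last_ts = used, now
        return used, alarm

def demo() -> dict:
    """Constructed scenario: 100 wrapped tokens posted, wrapper reports 78x."""
    guard = RateGuard(last_rate=HONEST_RATE, last_ts=0)
    used, alarm = guard.priced_rate(78.0, now=DAY)
    return {
        "naive_usd": collateral_value(100, 78.0, ORACLE_PRICE_USD),
        "guarded_usd": collateral_value(100, used, ORACLE_PRICE_USD),
        "alarm": alarm,
        "inflation_pct": inflation_pct(78.0, HONEST_RATE),
    }

if __name__ == "__main__":
    print(demo())
```

The oracle price is identical in both valuations; only the wrapper rate differs, which is why a correct feed alone does not bound the collateral value.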

Market impact

Edel said it traced the attacker's transactions, paused all version-one contracts, which remain frozen, and is coordinating with exchanges. The team has offered the attacker a white-hat settlement within a set window. No depositor will take a loss: Edel is absorbing the bad debt and restoring balances one for one, and is rolling out a redesigned version-two system aimed at blocking the same class of manipulation, with a full technical breakdown to follow. The dollar figure is small, but the pattern keeps repeating wherever new collateral types meet older lending code.

Frequently asked questions

  1. What exactly was exploited in the Edel Finance attack?

    An attacker manipulated the exchange rate between GOOGLx and its wrapped form wGOOGLx, inflating the wrapped token's value to about 78 times the real Google share price and borrowing real assets against it. Chainlink oracles correctly reported Alphabet's price at around $357.

  2. How much money was lost in the Edel Finance exploit?

    Roughly $403,000 in bad debt was created when the attacker borrowed against the inflated collateral. Edel said it will absorb the losses so no depositor takes a hit, and balances are being restored one for one.

  3. Will Edel Finance users lose their funds?

    No. Edel said the team is absorbing the bad debt and restoring all depositor balances one for one. The protocol's version-one contracts remain paused and frozen.

  4. Why is this kind of exploit common in DeFi?

    Oracle and price-manipulation vectors are among the most common smart-contract attack classes, ranking only behind cross-chain bridge flaws in the OWASP Smart Contract Top 10 and CertiK reporting. In most cases the code works exactly as written; the gap is in logic the authors did not anticipate.

  5. What is Edel doing to prevent another exploit?

    Edel is rolling out a redesigned version-two system with a new pricing setup aimed at blocking the same class of manipulation. The team has also offered the attacker a white-hat settlement within a set window and is coordinating with exchanges.

Source attribution
Aggregated from CoinDesk