Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
No Result
View All Result
Home News Security & Hacks

Blend Protocol Exploit: $10.8M Stolen from Stellar’s YieldBlox Pool via Oracle Manipulation

$10.8M Stolen from Stellar’s Blend Protocol: Oracle Exploit Explained

Saravana Kumar Mahendran by Saravana Kumar Mahendran
February 24, 2026
in Security & Hacks
0 0
Blend Protocol Exploit
Share on FacebookShare on Twitter
MakeCryipCryippreferred onGoogle

The Stellar-based lending platform Blend Protocol reported a significant exploit over the weekend of February 22, 2026, resulting in a loss of approximately $10.2 million to $10.8 million. The attack specifically targeted the community-managed YieldBlox DAO Pool, while other liquidity pools and the core Blend protocol remain unaffected.

🚨DeFi project Blend (Stellar blockchain) was exploited for $10.5M+ yesterday. Root cause – price manipulation of a virtually zero liqudity asset.

Attacker inflated USTRY price 100x, price oracle reported collateral as 100x more valuable, so attacker borrowed >$10M and ran away. pic.twitter.com/O3si4PUusQ

— pashov (@pashov) February 23, 2026

Source: https://x.com/pashov/status/2025938184903721015?s=20

Technical Breakdown of the Exploit

The incident was not a result of a direct smart contract vulnerability within the Blend protocol itself. Instead, it was an “Oracle Manipulation” attack leveraging the low liquidity of a specific asset on the Stellar Decentralized Exchange (SDEX).

Related Story

Hackers Target Injective Wallet Keys Through Compromised npm Package

Malicious Injective SDK Package Targets Private Keys and Seed Phrases

July 10, 2026
Ethereum User Loses Nearly $1 Million USDT in Phishing Token Approval Exploit

Phishing Approval Drains 999K USDT From Ethereum Wallet

July 9, 2026

The attacker identified USTRY a yield-bearing Treasury bond issued by Etherfuse as an asset with extremely thin liquidity. By executing a series of trades, the attacker artificially inflated the price of USTRY from approximately $1.05 to over $100, representing a 100x increase.

Blend utilizes the Reflector oracle system to fetch price data from SDEX. Because the protocol relied on the “latest price” without robust safeguards such as time-weighted average prices (TWAP) or multi-source verification the oracle reported the manipulated $100+ price as the legitimate value. Using a small amount of USTRY as collateral, the attacker was able to borrow approximately 1 million USDC and 61 million XLM against the falsely inflated valuation.

Network Response and Asset Recovery

Following the detection of the anomaly, Stellar’s Tier 1 validators acted swiftly to mitigate the damage. A significant portion of the stolen funds was successfully frozen, including approximately 48 million XLM (valued between $7.2M and $7.5M).

The YieldBlox Security Council, coordinated by Script3, has officially reached out to the attacker via an on-chain message. The council has offered a 10% white-hat bounty on the condition that 90% of the funds are returned. The statement indicated that no legal action would be pursued if the funds were returned within the specified window.

Impact and Remediation

The financial impact is currently confined to the YieldBlox DAO Pool. According to official statements from the Blend Capital and Reflector teams, the core Blend protocol and its independent markets remain secure.

While this attack focused on oracle manipulation, it joins a list of recent security challenges facing cross-chain and lending ecosystems, similar to the vulnerabilities detailed in our IoTeX bridge hack full on-chain analysis report.

The teams are now working on implementing advanced oracle protections, including liquidity thresholds and multi-source price aggregation to prevent similar manipulation of illiquid assets.This incident underscores the need for more robust oracle designs in DeFi, particularly on networks like Stellar with thin liquidity markets.

Disclaimer: Cryip is an independent media and research outlet providing news, data, and analysis on the cryptocurrency industry. Content is for informational and research purposes only and does not constitute financial, legal, tax, or investment advice. Cryptocurrency markets are volatile and past performance is not indicative of future results. References to specific assets, platforms, or incidents are for journalistic purposes only and do not imply endorsement, and readers assume full responsibility for their decisions.
Tags: Crypto Hacks

Related Posts

Hackers Target Injective Wallet Keys Through Compromised npm Package
Security & Hacks

Malicious Injective SDK Package Targets Private Keys and Seed Phrases

by Saravana Kumar Mahendran
July 10, 2026

A malicious version of a software tool used by Injective developers was designed to collect wallet private keys and recovery...

Read moreDetails
Ethereum User Loses Nearly $1 Million USDT in Phishing Token Approval Exploit

Phishing Approval Drains 999K USDT From Ethereum Wallet

July 9, 2026
Ctrl Wallet to Permanently Shut Down

Ctrl Wallet to Permanently Shut Down on August 3 After Cardano Security Exploit

July 7, 2026
Trader Loses $2M After ETH Swap to LIT Routes Through AVAIL Pool

Trader Loses $2M After ETH Swap to LIT Routes Through AVAIL Pool

July 7, 2026
Web3 Security Losses Hit $1.31 Billion

Web3 Security Losses Hit $1.31 Billion in H1 2026 as Drift Protocol Hack Tops $285M

July 7, 2026

Bonk DAO Lose $20 Million in Governance Attack as BONK Price Drop Over 9%

July 7, 2026
Summer.fi Drained of $6 Million

Summer.fi Drained of $6 Million in Flash Loan Exploit on LazyVault

July 6, 2026
Next Post
Step Finance, SolanaFloor and Remora Markets Announce Immediate Shutdown After January Hack

Step Finance, SolanaFloor and Remora Markets Announce Immediate Shutdown After January Hack

Better and Framework Ventures Launch $500 Million Stablecoin-Backed Credit Partnership

Better and Framework Ventures Launch $500 Million Stablecoin-Backed Credit Partnership

Recommended

  • All
  • News
Relay Warns of Scam Tokens Disappearing From Wallets on Robinhood Chain

Relay Warns of Scam Tokens Disappearing From Wallets on Robinhood Chain

July 10, 2026
Hackers Target Injective Wallet Keys Through Compromised npm Package

Malicious Injective SDK Package Targets Private Keys and Seed Phrases

July 10, 2026
Zcash Targets July 28 Launch for Ironwood Network Upgrade

Zcash Targets July 28 Launch for Ironwood Network Upgrade

July 10, 2026
Bitmine Adds Another 20,500 ETH Through Galaxy Digital as Ethereum Treasury Grows

Bitmine Adds Another 20,500 ETH Through Galaxy Digital as Ethereum Treasury Grows

July 10, 2026
Paul Grewal to Step Down as Coinbase Chief Legal Officer Ahead of CLARITY Act Debate

Coinbase CLO Paul Grewal to Step Down Ahead of CLARITY Act Vote

July 10, 2026
Gauntlet Secures $125M Investment From SBI Holdings to Expand Institutional DeFi

Gauntlet Secures $125M Investment From SBI Holdings to Expand Institutional DeFi

July 9, 2026
AEON Expands to Bolivia, Deploying OpenBCB National QR Rails to Anchor Global Agentic Commerce

AEON Expands to Bolivia, Deploying OpenBCB National QR Rails to Anchor Global Agentic Commerce

July 9, 2026
BitGo Introduces Quantum Risk Management Tools for Bitcoin Wallets

BitGo Launches Quantum Risk Management Tools for Bitcoin Wallets to Prepare for Future Quantum Threats

July 9, 2026

Cryip focuses on crypto research and on-chain analysis, supported by coverage of markets, regulation, security events, and blockchain ecosystems.

Recent Posts

  • Metaplanet Explores Digital Credit Using Bitcoin, JPYC, and Security Tokens
  • Relay Warns of Scam Tokens Disappearing From Wallets on Robinhood Chain
  • Malicious Injective SDK Package Targets Private Keys and Seed Phrases

Categories

  • AI × Crypto
  • Data & Dashboards
  • DeFi Basics
  • Investing Basics
  • Market & Price
  • Market Updates
  • On-Chain Analysis
  • OpSec
  • Policy & Regulation
  • Post Mortems
  • Press Release
  • Reports
  • Scams & Fraud
  • Security & Hacks
  • Stablecoins
  • Tokenomics
  • VC & Funding
  • Wallets & Custody

Company

  • About Us
  • Contact Us
  • Editorial Standards & Integrity
  • Our Team
  • Privacy Policy
  • Review Methodology
  • Terms and Conditions
  • Trust, Disclosures & Independence

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.