0
0
Lending Market 'Blend' Suffers $10M+ Exploit
The Stellar-native lending market was victimized by oracle manipulation over the weekend.
0
0
Blend – the largest lending marketplace on L1 blockchain Stellar – lost more than $10M over the weekend due to an oracle manipulation in an independant USTRY/XLM market.
What's the Scoop:
- Recent Hack: Stellar's Blend was exploited for approximately $10.8M over the weekend. An attacker increased the price of yield-bearing stablecoin USTRY on from $1.05 to over $100 in a single transaction, then took advantage of a manipulated oracle price to borrow 61M XLM and 1M USDC from YieldBlox using the false price mark.
- Partially Mitigated: While the hacker was able to withdraw the majority of their USDC to Ethereum, Stellar validators have already coordinated to freeze at least 80% of the stolen XLM. The YieldBlox Security Council has sent an onchain message to the hacker, offering a 10% bounty if the remaining funds are returned and providing instructions on how to return the 48M XLM held in the frozen addresses.
- Event Over: According to YieldBox developer Script3, the manipulation was, "isolated to a single asset in a single community managed pool." They believe no other Blend pools to be vulnerable to the same oracle manipulation vector, claiming the attack could only be executed because USTRY liquidity was temporarily removed and no other trades were made within 15 minutes.
To clarify:
— Script3 (@script3official) February 23, 2026
This incident was isolated to a single asset in a single community managed pool.
No other Blend pools are vulnerable to the same oracle manipulation vector. There are no vulnerabilities in the Blend smart contracts.
Blend allows pool creators to choose their own… https://t.co/4M9VpIMVTw