Commissioned, Curated and Published by Russ. Researched and written with AI.
What’s New This Week
Quieter day – nothing today that materially shifts the thesis.
Changelog
| Date | Summary |
|---|---|
| 23 Mar 2026 | Initial publication. |
At 00:25 UTC on February 22, 2026, two transactions hit the YieldBlox DAO Pool on Blend V2 on the Stellar blockchain. The first borrowed 1,000,196 USDC. The second borrowed 61,249,278 XLM. Combined: $10.97 million, drained in the time it takes to confirm two blocks.
No smart contract vulnerability. No flash loan. No bridge compromise. Just a stablebond with no real market, an oracle with no guardrails, and a lending pool that trusted both.
What YieldBlox Is
YieldBlox is Script3’s lending protocol on Stellar, running on top of Blend V2 – a shared lending infrastructure that Script3 also built. YieldBlox has been operating on Stellar since 2022, making it one of the more prominent DeFi protocols on the network. The exploited pool was community-managed by YieldBlox DAO, not operated directly by Script3.
Stellar is a less scrutinised corner of DeFi than Ethereum or Solana. That matters for audit quality, for oracle design choices, and, most critically here, for the depth of liquidity in the markets that price collateral assets. Ethereum DeFi protocols have been burned enough times that liquidity thresholds and oracle sanity checks are increasingly standard. On smaller chains, those lessons haven’t always landed yet.
The Collateral Asset: USTRY
USTRY is a yield-bearing stablebond issued by Etherfuse, backed by US Treasuries and designed to trade at approximately $1.06. Boring, stable, the kind of asset that sounds sensible as collateral in a lending pool.
The problem was not USTRY itself. The problem was the USTRY/USDC market on the Stellar DEX (SDEX). That market had less than $1 in hourly trading volume. Fewer than five USTRY tokens sat on the ask side of the order book. It had effectively a single market maker and, in the 10 minutes before the exploit executed, zero trades. Not thin liquidity. A ghost town with a price tag on the door.
YieldBlox accepted USTRY as collateral. Nobody set a minimum liquidity threshold for what a valid collateral market needed to look like.
How the Attack Worked
The attacker spent eight days preparing. The primary Stellar wallet was created on February 14 with a 56.32 XLM seed. What followed was a few days of reconnaissance – small USTRY test buys at normal prices around $1.058, learning the market mechanics before breaking them.
On February 21 at 23:35 UTC, a dedicated burner account was created with 15 XLM. Its sole purpose: at 23:38 UTC, it placed a sell offer for 1.2185 USTRY at 107 USDC. That is 100x the real price.
Placing the offer was not enough. A trade had to execute for the oracle to read a new price. A third attacker-controlled account handled that. At 00:10:21 UTC on February 22, it bought 0.05 USTRY against the burner’s inflated sell offer. A 50-cent trade. That transaction became the market price the Reflector oracle ingested at 00:15 and 00:20 UTC.
USTRY’s oracle price moved from $1.06 to $106.74.
With USTRY repriced at 100x, the attacker deposited roughly 153,000 USTRY in two rounds. Real value: approximately $158,500. Value according to the poisoned oracle: approximately $15.99 million.
The pool’s health factor check ran, saw collateral value far exceeding liability value, and approved the borrows. It worked exactly as designed. The design just did not account for the possibility that its oracle would be feeding it fiction.
The attacker walked out with 1,000,196 USDC and 61,249,278 XLM. Combined: $10.97 million.
Why VWAP Failed Here
The Reflector oracle uses a volume-weighted average price (VWAP) model, pulling directly from SDEX trading activity. In a liquid market, VWAP is a reasonable approach – manipulated trades carry little weight against the aggregate volume of legitimate activity. In a market with no other activity, a single trade’s price is the VWAP.
The Oracle Adapter – the contract sitting between Reflector and Blend V2 – received four price entries for USTRY. Two were poisoned at $106.74. Two were normal at $1.06. The adapter did not take a median. It did not flag the deviation. It returned the latest price and passed the full 100x inflation straight through to the pool.
No circuit breaker fired. No staleness check triggered on a market that had been dead for ten minutes. No anomaly detection of any kind. Four distinct failure layers collapsed in sequence: illiquid collateral listing, single-source VWAP oracle, an adapter returning raw last price, and a protocol with no price anomaly detection.
Remove any one layer and the exploit does not work.
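The oracle path just described, as an added Rust example (a toy model written for this page, not Reflector, Blend V2 or Script3 code): a single-window VWAP in which one fill is the whole window, the adapter's pass-through of the latest entry, and the deviation circuit breaker the adapter lacked. The prices and the 0.05 USTRY fill are constructed from the figures in the text; the 20% deviation limit and the reference price are assumed parameters.

```rust
// Added example, not Reflector/Blend V2/Script3 code: a toy model of the
// oracle path described above and the guardrail it was missing.

#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Trade { pub price: f64, pub qty: f64 }

/// Single-window VWAP over SDEX fills. If the window holds one trade,
/// that trade's price is the VWAP, however small the fill.
pub fn vwap(trades: &[Trade]) -> Option<f64> {
    let (num, den) = trades.iter()
        .fold((0.0, 0.0), |(n, d), t| (n + t.price * t.qty, d + t.qty));
    if den > 0.0 { Some(num / den) } else { None }
}

/// The failing adapter behaviour: hand the latest entry straight to the pool.
pub fn adapter_last(entries: &[f64]) -> Option<f64> {
    entries.last().copied()
}

/// Guarded adapter: an entry is accepted only if it stays within `max_dev`
/// (a fraction, 0.2 for 20%) of the last accepted price. Returns the price
/// the pool should use plus one reason string per rejected entry.
pub fn adapter_guarded(entries: &[f64], reference: f64, max_dev: f64)
    -> (f64, Vec<&'static str>) {
    let mut accepted = reference;
    let mut rejections = Vec::new();
    for &price in entries {
        if (price - accepted).abs() / accepted > max_dev {
            rejections.push("circuit breaker: price deviation"); // pool should halt borrows
        } else {
            accepted = price;
        }
    }
    (accepted, rejections)
}

fn main() {
    // Constructed window: the single 0.05 USTRY fill against a 107 USDC ask.
    let window = [Trade { price: 107.0, qty: 0.05 }];
    println!("VWAP of the poisoned window: {:?}", vwap(&window));
    // Four entries as described: two normal, two poisoned, latest one poisoned.
    let entries = [1.06, 1.06, 106.74, 106.74];
    println!("unguarded adapter returns {:?}", adapter_last(&entries));
    // Assumed parameters: reference 1.06 (last accepted price), 20% limit.
    println!("guarded adapter returns {:?}", adapter_guarded(&entries, 1.06, 0.2));
}
```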
The Audit Problem
Blend V2 was not unaudited. In February 2025 – one year before the exploit – it ran a $125,000 Code4rena competition with a Certora Formal Verification component. It was the first Rust/Soroban formal verification contest in DeFi history. Twenty-one security researchers participated. Nearly a thousand verification rules were written. A $20,000 mitigation review followed in April.
The main invariant the audit was asked to prove: users cannot extract funds from a pool if they do not meet or exceed the minimum health factor.
The health factor check the attacker bypassed? It worked exactly as verified. It checked oracle price against liability. Oracle price was $106.74. Health factor passed. The proof held. The pool was drained.
The oracle integration, the question of what collateral markets needed to look like to be trustworthy, and the conditions under which a VWAP could be trivially manipulated – none of it was in scope. The auditors verified what they were asked to verify. What they were not asked about is what got the protocol.
This is not an argument against formal verification. It is an argument that threat modelling has to include the data feeding the contracts, not just the contracts themselves.
The Known Fix
The mitigations that would have prevented this are not novel. QuillAudits, in their post-incident analysis, identified the same list the industry has been compiling for years: liquidity thresholds as a condition for collateral eligibility, market depth validation before accepting an oracle price, circuit breakers on collateral price movements, and TWAP oracles instead of spot or single-window VWAP.
Time-weighted average prices make manipulation expensive because an attacker would need to sustain an inflated price across a meaningful time window, not just execute a single 50-cent trade. Off-chain oracles like Chainlink avoid the thin-liquidity problem entirely by aggregating from multiple sources with outlier detection. Both approaches have been standard on Ethereum DeFi for years.
The simpler fix here was even more basic: do not accept an asset as collateral if its DEX market has less than $1 in hourly volume. That is a parameter, not a protocol redesign.
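The listing-time check and the TWAP from the paragraphs above, as an added Rust example written for this page (not YieldBlox, Blend or QuillAudits code). The USTRY/USDC market figures are the ones the text gives; the policy thresholds are assumed, and the TWAP run assumes the inflated price stood for 5 of 60 minutes.

```rust
// Added example, not YieldBlox/Blend code: a collateral-eligibility policy
// evaluated at listing time, and a TWAP that weights a price by how long it stood.

pub struct MarketStats {
    pub hourly_volume_usd: f64,
    pub ask_depth_tokens: f64,
    pub active_makers: u32,
    pub minutes_since_last_trade: u64,
}

pub struct CollateralPolicy {
    pub min_hourly_volume_usd: f64,
    pub min_ask_depth_tokens: f64,
    pub min_makers: u32,
    pub max_idle_minutes: u64,
}

/// Every rule the market fails; an empty list means the asset may be listed.
pub fn collateral_violations(m: &MarketStats, p: &CollateralPolicy) -> Vec<&'static str> {
    let mut v = Vec::new();
    if m.hourly_volume_usd < p.min_hourly_volume_usd { v.push("hourly volume below threshold"); }
    if m.ask_depth_tokens < p.min_ask_depth_tokens { v.push("ask-side depth too shallow"); }
    if m.active_makers < p.min_makers { v.push("too few independent market makers"); }
    if m.minutes_since_last_trade > p.max_idle_minutes { v.push("market idle too long"); }
    v
}

/// Time-weighted average of (price, seconds that price was in force) samples.
pub fn twap(samples: &[(f64, u64)]) -> Option<f64> {
    let (num, den) = samples.iter()
        .fold((0.0, 0u64), |(n, d), &(p, s)| (n + p * s as f64, d + s));
    if den > 0 { Some(num / den as f64) } else { None }
}

fn main() {
    // USTRY/USDC on SDEX as the text describes it: under $1/hour of volume,
    // fewer than 5 tokens on the ask, one market maker, no trades for 10 minutes.
    let ustry = MarketStats { hourly_volume_usd: 0.9, ask_depth_tokens: 4.5, active_makers: 1, minutes_since_last_trade: 10 };
    // Assumed policy thresholds; any single failed rule blocks the listing.
    let policy = CollateralPolicy { min_hourly_volume_usd: 1_000.0, min_ask_depth_tokens: 10_000.0, min_makers: 3, max_idle_minutes: 5 };
    println!("listing violations: {:?}", collateral_violations(&ustry, &policy));
    // Constructed hour: 55 minutes at $1.06, then 5 minutes at the inflated $106.74.
    println!("hourly TWAP: {:?}", twap(&[(1.06, 55 * 60), (106.74, 5 * 60)]));
}
```

The TWAP run still lands near $9.87, so a five-minute spike on a dead market moves an hourly average substantially; that is why the liquidity threshold and circuit breaker sit alongside the TWAP in the list above rather than being replaced by it.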
The Pattern
Oracle manipulation on thin assets is a known playbook. In October 2022, Avraham Eisenberg manipulated the price of MNGO on Mango Markets on Solana, borrowing against inflated collateral to drain $116 million from the protocol. The mechanics were almost identical: pump an illiquid asset’s price on a DEX, borrow against the inflated valuation, let the price return to normal, leave the protocol holding worthless collateral.
Mango’s post-incident analysis identified minimum liquidity requirements and TWAP oracles as the fix. That was 2022. The YieldBlox exploit happened in 2026 using the same technique on a different chain.
Newer chains inherit the same oracle design choices without necessarily inheriting the accumulated scar tissue. New protocols launching on Stellar, Cosmos, or anywhere else with limited DeFi history are making the same oracle decisions Ethereum protocols made in 2020 and 2021 – before those decisions cost eight or nine figures.
Response and Current Status
Tier 1 Validators on Stellar moved to freeze approximately 48 million XLM – about 80% of the stolen native token – before it could leave the network. Script3 sent an on-chain bounty message offering to stop legal action if the attacker returned 90% of funds within 72 hours.
The attacker kept moving. The stolen funds were swapped into USDC and bridged off Stellar to Base via Allbridge, then consolidated further across Ethereum, Base, and BNB Chain. On February 27, one of the exploit wallets moved 100 ETH through Tornado Cash.
On-chain forensics published by independent researchers identified that wallets involved in the attack were funded by Etherscan-flagged phishing addresses, suggesting this was not a solo operator. One exploit wallet was funded by a Binance withdrawal – potentially traceable to a KYC’d account.
Script3 confirmed that all USDC, XLM, and EURC depositors in the affected pool will be fully compensated for losses. Reflector confirmed its infrastructure was not compromised and that other assets with meaningful liquidity and multiple active traders are not at risk. No other Blend pools were affected.
Most of the XLM is frozen. Most of the bridged proceeds are sitting in tagged EVM wallets. Whether any of it comes back is a different question.
The lesson is not new. A lending protocol is only as safe as the worst market it accepts as collateral. Every chain that builds DeFi infrastructure learns this eventually. The only variable is how much it costs to learn it.
Auditors scope contracts. Nobody scopes reality.