An attacker inflated wGOOGLx collateral to 78 times its real value via a flash-loan oracle manipulation, draining $403,000 from Edel Finance's lending reserves on July 1.
"The attacker deployed fresh exploit contracts and used a flash loan to distort the exchange rate between wGOOGLx and GOOGLx, causing the wrapped collateral to be valued at roughly 78 times its correct price," Blockaid, the blockchain security firm that flagged the exploit in real time, said.
The manipulation targeted Edel's xStock lending reserves on Ethereum. Chainlink oracles correctly reported Alphabet's share price at roughly $357 — the flaw sat in the wrapping mechanism that converts GOOGLx to its wrapped form wGOOGLx, not in the price feed itself. The attacker borrowed real assets against the phantom collateral, then moved stolen funds through Tornado Cash, according to Etherscan records.
Edel paused all V1 contracts, absorbed the bad debt, and pledged 1-to-1 restoration for depositors. The team is deploying V2 with a redesigned oracle architecture and has offered the attacker a whitehat settlement. The incident highlights persistent risks in tokenized real-world assets, where wrapping and conversion steps add attack surfaces beyond standard oracle manipulation.
Total value locked on Edel Finance plunged from roughly $630,000 to about $947 after the exploit, according to DefiLlama data, as users rushed to withdraw funds. The protocol recorded an estimated net outflow of $630,000, the largest on record.
The exploit adds to a brutal first half of 2026 for DeFi security. Cumulative losses across the sector have exceeded $1.1 billion, with oracle and exchange-rate manipulation ranking among the most common attack vectors, according to CertiK. April alone saw 28 to 30 separate hacking incidents totaling more than $625 million.
This article is for informational purposes only and does not constitute investment advice.