defirisk.co
rubric v1.7.0

YieldBlox / Script3 (Blend V2 community-managed pool): Illiquid collateral oracle manipulation — single USTRY/USDC trade pumped price 100x → inflated collateral → undercollateralized borrow drain

Occurred: 2026-02-22 | Loss: $11M | Status: closed

Summary

YieldBlox / Script3 (Blend V2 community-managed pool), a Lending / Money Market protocol (Blend V2), suffered an exploit on 2026-02-22, resulting in a loss of approximately $11M.

What happened

A single trade on a market with under $1/hour in volume pumped USTRY's price 100x, and Blend V2's oracle accepted it as truth — letting the attacker borrow $10.97M against $160K of real collateral.

Linked factors

  • RD-F-001 — causal : ★ Audit scope mismatch — exploited code outside scope [via dashboard_risk_factors/Was exploited code in audit scope?: N — the smart contracts had no vulnerability; the exploit was in the oracle configuration (Reflector) and pool listing decision (USTRY as co...]
  • RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
  • RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — 100x price spike on USTRY with zero competing volume; Reflector reported $106.74 on a ~$1.06 asset; Oracle Adapter passed it without med...]