Solend exploited for $1.26 million in market manipulation attack

Solend, a Solana-based lending protocol, reported a market manipulation attack that resulted in $1.26 million of bad debt for the protocol. The incident occurred on Wednesday, as noted by security firm PeckShield. 

Solend runs a decentralized lending system that allows users to borrow and earn interest on crypto assets with the help of lending pools.

The platform acknowledged the exploit and said the attack targeted three lending pools that held Hubble stablecoins, Coin98 tokens and Kamino tokens. “An oracle attack on USDH affecting the Stable, Coin98, and Kamino isolated pools was detected, resulting in $1.26M in bad debt,” Solend tweeted.

The three affected pools have been frozen after the incident. All other lending pools remained unaffected, the Solend further clarified. According to the Solend team, the attacker took advantage of an issue in the project's price-data oracle — a system used to track the prices of different crypto assets. 

Malicious actors generally target lending protocols where they may inflate the price of certain crypto assets and borrow other assets with the intention of never repaying the borrowed amount. This results in bad debt, or debt that is unlikely to be paid back. 

Solana Labs CEO Anatoly Yakovenko described the incident as market manipulation. "It was a market manipulation attack besides the oracle relied on a single low liquidity pool," Yakovenko said. 

The Solend team has yet to release a post-mortem report.

Update: Headline and report copy updated for clarity.