Solend exploited for $1.26 million in market manipulation attack

Quick Take

  • Lending protocol Solend reported an market manipulation attack on three of its lending pools. 
  • The project said that the attack resulted in bad debt to the tune of $1.26 million.

Solend, a Solana-based lending protocol, reported a market manipulation attack that resulted in $1.26 million of bad debt for the protocol. The incident occurred on Wednesday, as noted by security firm PeckShield. 

Solend runs a decentralized lending system that allows users to borrow and earn interest on crypto assets with the help of lending pools.

The platform acknowledged the exploit and said the attack targeted three lending pools that held Hubble stablecoins, Coin98 tokens and Kamino tokens. “An oracle attack on USDH affecting the Stable, Coin98, and Kamino isolated pools was detected, resulting in $1.26M in bad debt,” Solend tweeted.

The three affected pools have been frozen after the incident. All other lending pools remained unaffected, the Solend further clarified. According to the Solend team, the attacker took advantage of an issue in the project's price-data oracle — a system used to track the prices of different crypto assets. 

Malicious actors generally target lending protocols where they may inflate the price of certain crypto assets and borrow other assets with the intention of never repaying the borrowed amount. This results in bad debt, or debt that is unlikely to be paid back. 

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Solana Labs CEO Anatoly Yakovenko described the incident as market manipulation. "It was a market manipulation attack besides the oracle relied on a single low liquidity pool," Yakovenko said. 

The Solend team has yet to release a post-mortem report.

Update: Headline and report copy updated for clarity.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Adam James at
[email protected]