Term Finance recovers $1M after oracle bug triggers $1.6M liquidation loss

The Ethereum-based lending platform Term Finance said it had recovered nearly one million dollars after a misconfigured price oracle caused erroneous liquidations in its Treehouse (tETH) market.

The issue began when a new ETH oracle provided incorrect price data to the system. This caused automatic liquidations, approximately $1.6 million worth of positions.

Term Finance clarified in a post on X that the incident was not a hack, no smart contracts were involved, and no users were attacked, explaining that a technical bug in the configuration of the new oracle caused the issue.

The episode again shows how vital oracle feeds are to the DeFi ecosystem. Even tiny things can be catastrophic when it comes to smart contracts.

Term finance recovers half of lost funds

Term Finance immediately pressed to recover the missing assets. Of the 918 ETH lost in total, they recovered 556 ETH. In particular, 223.197 ETH, valued at around $400,000, was seized by the platform internally. Another 333 ETH, worth roughly $600,000, was returned after what Term called “negotiations.”

It also remains unknown who was included in the negotiation or on what terms the pact was made. The company has not yet disclosed additional information regarding the method.

With the recovery attempts, the remaining loss is now 362.03 ETH — approximately $650,000 at today’s market rates. That’s much less damaging than the one before, and it takes some pressure off Term Finance and its community.

The website did not acknowledge this until media coverage surfaced, and the company has since declared that it will conduct a thorough review of its Oracle integration process to avoid such problems in the future. It also suggested that users affected by the bad liquidations might be eligible for further compensation, though no formal decision had been made.

Weekend crypto attacks spark industry scrutiny

The Term Finance incident wasn’t crypto’s only bad news over the weekend. The DeFi industry was rocked by a chain of attacks, highlighting the continued risk.

Impermax Finance said Saturday that a flash loan attack hit its V3 pools. The exploit siphoned more than $150,000 out of the protocol, according to the blockchain security firm TenArmor. Impermax apologized to users and said a full post-mortem would be released soon.

For its part, another Solana DeFi platform, Loopscale, lost $5.8 million in an exploit. Attackers took advantage of security holes, contributing to a growing tally of DeFi losses this year.

A centralized platform is also not an exception. Crypto exchange Bitget revealed a $20 million loss after hackers exploited a market connected to an obscure token. Bitget said it had discovered eight accounts suspected of being involved in the scheme and would seek legal action against those behind them.

The most recent attacks underline how insecure even the biggest players are. The data suggests that very little is recovered from many hacks. Take Bybit CEO Ben Zhou, for example; He disclosed recently that just 3.84% of stolen funds from their February heist had been frozen. Nearly 28% of the stolen funds — worth millions of dollars — have already gone “dark,” flowing into mixers and peer-to-peer networks, where they become impossible to trace.

It was a rare victory compared to many other cases in which victims come up empty-handed. And yet, the incident displays a fundamental weakness in the overall security standards and risk management practices in the DeFi industry.

The larger DeFi becomes, the higher the stakes and some projects may soon regret not budgeting more for technical failures

Cryptopolitan Academy: Coming Soon - A New Way to Earn Passive Income with DeFi in 2025. Learn More