Home > Today’s Crypto News
bitcoin
bitcoin

$108842.957301 USD

-1.88%

ethereum
ethereum

$3931.777121 USD

-1.66%

tether
tether

$1.000186 USD

-0.03%

bnb
bnb

$1153.250882 USD

-2.20%

xrp
xrp

$2.367904 USD

-1.94%

solana
solana

$186.182050 USD

-4.20%

usd-coin
usd-coin

$0.999997 USD

0.00%

tron
tron

$0.316949 USD

-1.00%

dogecoin
dogecoin

$0.190780 USD

-3.12%

cardano
cardano

$0.651324 USD

-2.67%

hyperliquid
hyperliquid

$37.141055 USD

-0.85%

ethena-usde
ethena-usde

$0.999224 USD

-0.09%

chainlink
chainlink

$17.579031 USD

-2.47%

bitcoin-cash
bitcoin-cash

$509.426284 USD

-2.79%

stellar
stellar

$0.315298 USD

-2.93%

Oracle Manipulation

Oracle manipulation, or oracle price manipulation, is an exploit most common in the DeFi space where an oracle smart contract is manipulated by attackers, which leads to system failure, theft and other damages. DeFi networks are reported to have lost over $33 million due to price oracle manipulation in 2020 alone.

Oracles are third-party service providers that supply blockchains with external or real-world data such as price feeds, weather information, statistics, etc. Price feeds are by far the most exploited oracle data since they allow attackers to steal millions of funds from DeFi platforms. 

Generally, there are two ways an oracle can gather price information. One is to seamlessly siphon price data from centralized exchanges via APIs. On the other hand, oracles can also do the calculations themselves by consulting decentralized exchanges (DEXs). Both methods have their own sets of advantages and disadvantages, as well as ways of being manipulated.

In the Harvest Finance hack, the culprit was able to penetrate its pools through a flash loan using a form of oracle manipulation. Basically, the hacker reduced the value of USDC within the Curve pool via a trade. Then, the perpetrator got into the Harvest pool at the deflated price, brought USDC back to its initial price reversing his trade, then exited the pool at a much higher price.