Term Finance recovers $1M after an oracle error triggers a $1.6M liquidation loss
The Ethereum-based lending platform, Term Finance, said it had recovered nearly a million dollars after a poorly configured price oracle caused erroneous liquidations in its Treehouse (tETH) market.
The problem began when a new ETH oracle provided incorrect price data to the system. This caused automatic liquidations, approximately worth $1.6 million in positions.
Term Finance clarified in a post on X that the incident was not a hack, no smart contracts were involved, and no user was attacked, explaining that a technical error in the configuration of the new oracle caused the issue.
The episode again shows how vital oracle feeds are to the DeFi ecosystem. Even small things can be catastrophic when it comes to smart contracts.
Term Finance recovers half of the lost funds
Term Finance immediately pushed to recover the missing assets. Of the 918 ETH lost in total, they recovered 556 ETH. Notably, 223.197 ETH, valued at around $400,000, were seized by the platform internally. Another 333 ETH, valued at approximately $600,000, were returned after what Term called 'negotiations'.
It remains unknown who was included in the negotiation or on what terms the pact was made. The company has not yet disclosed additional information about the method.
With recovery attempts, the remaining loss is now 362.03 ETH — approximately $650,000 at current market rates. That's much less damaging than before and relieves some pressure on Term Finance and its community.
The website did not acknowledge this until media coverage emerged, and the company has since stated that it will conduct a thorough review of its oracle integration process to prevent such issues in the future. It also suggested that users affected by the bad liquidations may be eligible for additional compensation, although no formal decision had been made.
Weekend cryptographic attacks prompt scrutiny in the industry
The Term Finance incident was not the only bad news for cryptocurrencies over the weekend. The DeFi industry was shaken by a series of attacks, highlighting the ongoing risk.
Impermax Finance said on Saturday that a flash loan attack struck its V3 pools. The exploit drained over $150,000 from the protocol, according to blockchain security firm TenArmor. Impermax apologized to users and said a full analysis would be published soon.
For its part, another DeFi platform on Solana, Loopscale, lost $5.8 million in an exploit. Attackers exploited security holes, contributing to a growing total of losses in DeFi this year.
A centralized platform is not an exception either. The cryptocurrency exchange Bitget revealed a $20 million loss after hackers exploited a market connected to a dark token. Bitget stated that it had identified eight suspicious accounts involved in the scheme and would seek legal action against those behind them.
The latest attacks underscore how insecure even the biggest players are. Data suggests that very little is recovered from many hacks. Take for example Bybit's CEO, Ben Zhou; he recently revealed that only 3.84% of the funds stolen in the February hack had been frozen. Almost 28% of the stolen funds — valued in the millions of dollars — have already gone 'dark', flowing into mixers and peer networks, where they become impossible to trace.
It was a rare win compared to many other cases where victims are left empty-handed. And yet, the incident shows a fundamental weakness in overall security standards and risk management practices in the DeFi industry.
The bigger DeFi gets, the higher the stakes, and some projects may soon regret not budgeting more for technical failures.
Cryptopolitan Academy
