Edel Protocol Attack: How Digital Collapses While Stock Prices Stay Flat?

Decentralized finance (DeFi) lending protocol Edel disclosed a $403,000 exploit occurring in a layer attempting to use tokenized stocks as collateral. According to the protocol, no depositor will be affected by this loss, and the team will absorb the bad debt to restore affected balances one-to-one. Additionally, to prevent a recurrence of such a vulnerability, it was stated that the protocol's oracle architecture will be rebuilt for the second version. Edel management guaranteed they will assume the necessary financial liability to ensure user funds remain unharmed by the incident.
The core mechanism of the attack was executed by manipulating the exchange rate between Edel's wrapped version of tokenized Google stock, wGOOGLx, and its underlying GOOGLx token. According to Edel's announcement, this manipulation inflated the collateral value of wGOOGLx to approximately 78 times its real value, disrupting the system's equilibrium. An investigation by the SlowMist team determined that the root of the issue lay in Edel's price source, where the system returned the `convertToAssets()` rate of an ERC-4626-style vault using its `latestAnswer()` method. The attacker was able to manipulate this conversion ratio once sufficient flow control was secured, and because Edel's price feed read this data directly, a security vulnerability emerged.
Security firm CertiK analyzed the event from the lending side, stating that the attacker manipulated wGOOGLx's collateral price via a mechanism tracking the token's GOOGLx balance and subsequently borrowed against the inflated value. The GoPlus team determined that the attacker used a flash loan to execute this transaction, repeatedly providing collateral and borrowing to disrupt the wGOOGLx/GOOGLx conversion rate. Thanks to this inflated collateral value, the attacker was able to allocate real assets from the protocol, including 384,215 USDC and wrapped positions such as SPYx, QQQx, MSTRx, NVDAx, and TSLAx.
Different security firms announced varying figures regarding the cost of the event; Cyvers estimated the loss at approximately $353,000, GoPlus measured the loss at $403,000 and the attacker's profit at $305,000, while CertiK put the funds destroyed at $204,000. This discrepancy is believed to stem from each firm measuring different metrics such as bad debt, gross loss, and net attacker profit, varying based on how the financial dimension of the incident is calculated. The critical failure lay in the exchange rate between the wrapped token and its underlying counterpart, which Edel's lending market priced as if it were stable. It was emphasized that changes in Alphabet's stock price did not trigger this exploit, which was purely a technical manipulation.
General market data, based on RWA.xyz, reveals that the on-chain value of tokenized stocks is around $1.7 billion, showing a 2.17% increase in the last 30 days. While monthly transfer volume stands at $8.92 billion, the total user count is recorded above 396,000, highlighting the sector's size. Platforms like xStocks list over 100 stocks and ETFs on more than 50 integrated platforms, while protocols like Kamino stand out as one of the first major lending platforms to accept tokenized stocks as collateral. With Robinhood also set to launch stock and ETF tokens for EU customers in 2025, the fact that tokenized stocks move and connect like other crypto assets is presented as a selling point. However, with the incident experienced by Edel, it has once again reminded the market of the reality that when these assets start moving like crypto, they can break like crypto.
Ask about this story
Answers are AI-generated from this story only.
This is an AI-generated summary. The full story lives at the source.
Read the full story at the sourcecryptoslate.com