Serial Hacker Exploits DeFi Lending Protocols Through Oracle Misconfigurations
A blockchain security firm has reported that a DeFi lending protocol was exploited for 187.36 ETH (approximately $388,000) due to a misconfigured oracle.
According to analysis from blockchain auditor BlockSec, the protocol incorrectly used Chainlink's BTC/USD price feed as the oracle reference for USDC, allowing the attacker to manipulate collateral valuation.
The exploit occurred just one block after the configuration change was confirmed, and the attacker was able to borrow 187 ETH while posting only eight USDC as collateral.
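A pre-activation check for the misconfiguration described above, as an added example that is not code from BlockSec or the affected protocol: it compares a feed's self-reported pair and latest price with what the asset should have, and shows what eight units of collateral would be credited under each feed. The `FeedSnapshot` record, the 2% peg band, the function names and all prices are assumptions constructed for illustration; the fields mirror what a Chainlink aggregator reports through `description()`, `decimals()` and `latestRoundData()`.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed snapshot of what a Chainlink-style aggregator reports through
# description(), decimals() and latestRoundData(); values are illustrative.
@dataclass(frozen=True)
class FeedSnapshot:
    description: str   # e.g. "USDC / USD"
    decimals: int
    answer: int        # raw integer price, scaled by 10**decimals

# Hypothetical policy: assets expected to hold a USD peg, and the allowed band.
PEGGED_USD = {"USDC"}
PEG_TOLERANCE = Decimal("0.02")

def feed_price(feed: FeedSnapshot) -> Decimal:
    return Decimal(feed.answer) / (Decimal(10) ** feed.decimals)

def check_oracle_config(asset: str, feed: FeedSnapshot) -> list:
    """Return reasons to reject wiring `feed` as the price source for `asset`."""
    problems = []
    base, _, quote = (p.strip().upper() for p in feed.description.partition("/"))
    if base != asset.upper() or quote != "USD":
        problems.append(f"feed is '{feed.description}', expected '{asset} / USD'")
    price = feed_price(feed)
    if price <= 0:
        problems.append("feed returned a non-positive price")
    elif asset.upper() in PEGGED_USD and abs(price - 1) > PEG_TOLERANCE:
        problems.append(f"{asset} priced at {price} USD, outside peg band")
    return problems

def collateral_value_usd(amount: Decimal, feed: FeedSnapshot) -> Decimal:
    """What a lending market would credit for `amount` units priced by `feed`."""
    return amount * feed_price(feed)

# Constructed sample feeds (prices are made up for the example).
USDC_USD = FeedSnapshot("USDC / USD", 8, 99_990_000)
BTC_USD = FeedSnapshot("BTC / USD", 8, 9_700_000_000_000)

if __name__ == "__main__":
    for feed in (USDC_USD, BTC_USD):
        print(feed.description, check_oracle_config("USDC", feed),
              collateral_value_usd(Decimal(8), feed))
```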