Edel Finance Lending Market Hit by Collateral Price Manipulation Exploit

Edel Finance, a decentralized lending protocol that supports tokenized equities and stock derivatives, experienced an exploit that drained liquidity from one of its lending pools through a manipulated collateral price.
We have detected an exploit on an @edeldotfinance lending market. The attacker manipulated the collateral price of wGOOGLx, which is dependent on its GOOGLx balance, and drained ~$204K by borrowing.https://t.co/koDkFXudJ5
Stay Vigilant! pic.twitter.com/r0k8rB4GLb
— CertiK Alert (@CertiKAlert) July 1, 2026
On-chain security monitors flagged the incident in real time, with initial alerts citing approximately $204,000 in direct withdrawals while subsequent tracker data and protocol updates place the total impact closer to $403,000 in bad debt.
Available market reporting and transaction breakdowns indicate the attacker targeted the pricing mechanism for wGOOGLx, a wrapped token representing tokenized Google equity used as collateral. The protocol’s oracle for this asset derives its value directly from the underlying ERC-4626 share-to-asset exchange rate.
By deploying a flash loan and executing a rapid, multi-step supply-and-borrow loop, the attacker temporarily skewed the vault’s share ratio. This maneuver inflated the on-chain reported price of the collateral far above its actual market value, allowing the attacker to borrow against the artificially overvalued positions.
On-chain data shows the manipulated collateral was valued at roughly 78 times its actual worth during the exploit window. The attacker ultimately withdrew approximately $204,000 in USDC alongside several other wrapped equity tokens from the pool.
When accounting for the additional tokenized assets, the total drained value reached around $403,000, depleting the majority of the available liquidity in the affected lending market. The attacker subsequently routed the extracted funds through a privacy-focused mixing service.
Edel Finance acknowledged the event and described the attack vector as an exchange-rate and oracle manipulation. The protocol confirmed that the incident left its lending system with significant bad debt and stated that borrowing and withdrawal functions would remain restricted while the affected contracts are reviewed. The project has not yet published a full technical post-mortem or a detailed timeline for restoring normal operations, and final loss reconciliation remains pending further official confirmation.






