A lending pool belonging to YieldBlox, a “DAO-managed money market,” has suffered a hack on the Stellar blockchain, with losses valued at over $10 million.
Script3, the developer of YieldBlox, introduced the loss, which occurred shortly after midnight (UTC) on Sunday, pointing to oracle manipulation because the trigger.
Hacker addresses holding a complete of 48 million XLM price $7.5 million have been frozen on the Stellar blockchain.
At 00:25:00 UTC the Reflector USTRY oracle was manipulated, misreporting a considerably increased worth.
This resulted in a lack of ~10 million USD in a combination of USDC and XLM from the Mix YieldBlox pool.
NO OTHER BLEND POOLS WERE AFFECTED.
NO OTHER POOLS ARE VULNERABLE.
— Script3 (@script3official) February 22, 2026
Reflector, the agency behind the oracle in query, mentioned its product “quoted correct prices,” pointing to market illiquidity as the reason for the mispricing.
In a thread posted to X, Reflector describes how the attacker focused the illiquid USTRY/USDC market on Stellar’s change.
The pool’s market maker had “pulled all available liquidity… at some point,” and main as much as the exploit, there was lower than $1 hourly quantity.
In response to the thread, the attacker pushed the worth of USTRY from roughly $1.05 to over $100 in a single commerce. They then used overvalued USTRY collateral to borrow in opposition to, withdrawing $10.2 million of belongings.
A complete of 61 million XLM and 1 million USDC had been borrowed from the YieldBlox pool, in keeping with DeFi safety agency Decurity. Many of the USDC was bridged again to Ethereum, and 48 million XLM has been frozen.
YieldBlox Safety Council despatched an on-chain message to the hacker’s Ethereum tackle, providing a ten% bounty if the remaining funds are returned. The message gives to offer directions on the way to return the 48 million XLM held within the frozen addresses.
Stellar’s XLM skilled a pointy drop in worth shortly after the hack, however has since absolutely recovered.
Weekend wipeout
After a reasonably quiet couple of weeks for DeFi hacks, this weekend noticed over $18 million price of belongings stolen.
On Saturday morning, IoTeX Bridge suffered a suspected personal key compromise, with losses initially estimated at $8 million.
Safety researcher Weilin Li noticed the attacker “minted [a] huge amount of IOTX token” earlier than “depositing to Binance for selling”.
Nonetheless, an replace from IoTeX revised the estimated “exploit impact” down to only $2 million. It referred to as the incident “a sophisticated, long-planned attack by professional actors targeting multiple chains.”
🚨 Replace on the current safety incident:
Our crew has contained the scenario and the IoTeX chain is being secured. Present knowledge confirms the exploit affect is round $2M USD (together with USDC, USDT, IOTX, and WBTC).
Investigations present this was a complicated, long-planned…
— IoTeX (@iotex_io) February 21, 2026
In response to blockchain auditor Peckshield, funds had been bridged to bitcoin by way of THORChain.
THORChain has beforehand come beneath fireplace for profiting off the switch of illicit funds. A notable instance being final yr’s $1.5 billion ByBit hack, the laundering of which ZachXBT estimated THORChain profited $200,000.
