Term Finance Loses $1.6M in ETH Due to Oracle Misconfiguration

Term Finance, a fixed-rate lending protocol on Ethereum, recently faced a significant setback due to an oracle misconfiguration that resulted in a loss of approximately $1.6 million worth of ETH. The incident occurred on Saturday when a faulty liquidation triggered by an incorrect oracle update led to the loss of 918 ETH. The project swiftly addressed the issue, emphasizing that it was not a hack and that no smart contracts were exploited or user funds directly targeted. The cause was isolated to an updated ETH oracle that malfunctioned.

The team at Term Finance moved quickly to recover the lost funds. They captured 223.197 ETH internally and successfully negotiated the return of an additional 333 ETH. This brought the total recovered amount to 556.197 ETH, leaving an outstanding loss of 362.03 ETH, valued at approximately $650,000. The remaining loss will be fully covered by the protocol’s treasury, ensuring that borrowers have already been reimbursed and lenders can redeem their investments at maturity as usual.

In an update posted on X, Term Labs assured users that a full post-mortem detailing the event, lessons learned, and protocol improvements will be published shortly. This transparency and prompt recovery effort appear to have restored some community confidence, which is crucial in the current climate of rising DeFi security incidents. The swift action by Term Finance highlights the importance of transparency and prompt recovery efforts in maintaining user trust.

While Term Finance managed to limit the damage from the oracle error, another DeFi protocol faced a different challenge. Impermax Finance, a smaller Ethereum-based project, reported a flash loan attack on Saturday resulting in a loss of over $150,000. The team from Impermax stated that someone executed a flash loan and drained their V3 pools. Security firm TenArmor confirmed the attack and is working with Impermax to assess the full extent of the breach. The protocol plans to publish a detailed post-mortem once verification is complete.

The incidents at Term Finance and Impermax add to a growing list of DeFi incidents in 2024. Recently, Solana DeFi platform Loopscale lost $5.8 million in an exploit, and crypto exchange Bitget reported a $20 million loss after a manipulation involving a little-known token. These incidents highlight the risks DeFi users face despite technological advancements. The types of vulnerabilities are expanding, ranging from traditional hacks to misconfigurations and sophisticated market manipulation.

Recovery rates from crypto exploits vary drastically. Once stolen funds move through mixers, peer-to-peer exchanges, or OTC trades, tracing and recovering them becomes extremely difficult. For example, Bybit’s CEO recently revealed that nearly 28% of funds lost in a major attack had “gone dark,” meaning they became untraceable on-chain. The Term Finance incident stands out not because of the mistake itself, but because of the rapid, transparent response and emphasis on protecting users. In the volatile DeFi landscape, how a project reacts to a crisis can be more important than the crisis itself.