The YieldBlox $10M Oracle Heist: How a Single Trade on Stellar's DEX Drained an Entire Lending Pool

Oracle manipulation is DeFi's original sin. But the YieldBlox exploit on February 22, 2026 showed that even in 2026, protocols keep making the same fatal mistake — trusting price feeds from illiquid markets without sanity checks. A single attacker pumped USTRY from ~$1 to $107 on Stellar's DEX, used the inflated collateral to borrow $10M+ in USDC and XLM, then bridged everything to Ethereum before anyone could react. Let's break down exactly how it happened, why it worked, and how to build oracle integrations that don't die to thin liquidity. The Setup: Blend V2 and the Illiquidity Trap YieldBlox DAO operated a lending pool on Blend V2 , Stellar's isolated lending protocol. The pool accepted three assets: Borrow assets: USDC, XLM Collateral: USTRY (a US Treasury-backed token) For pricing, the pool used Reflector , a VWAP (Volume-Weighted Average Price) oracle that pulled prices directly from SDEX — Stellar's native decentralized exchange. Here's the critical detail: the USTRY/USDC mark

The YieldBlox $10M Oracle Heist: How a Single Trade on Stellar's DEX Drained an Entire Lending Pool

Related Articles

Gate.io vs KuCoin — Which Crypto Exchange Is Better? (2026)

How to Build a Real Multi-Agent Engineering Workflow With oh-my-claudecode

Clean Code Principles Every Software Engineer Should Follow

The Real Cost of Abstractions in .NET

Stop Learning Frameworks — You’re Wasting Your Time

Related Articles

How-To
Gate.io vs KuCoin — Which Crypto Exchange Is Better? (2026)
Dev.to Beginners • 1d ago

How-To
How to Build a Real Multi-Agent Engineering Workflow With oh-my-claudecode
Medium Programming • 1d ago

How-To
Clean Code Principles Every Software Engineer Should Follow
Medium Programming • 1d ago

How-To
The Real Cost of Abstractions in .NET
Medium Programming • 1d ago

How-To
Stop Learning Frameworks — You’re Wasting Your Time
Medium Programming • 1d ago