⚡ BREAKINGCryptoSearcher
LIVE
Breaking News · Latest Updates · Live Coverage·Top Stories · Analysis · Opinion·Breaking News · Latest Updates · Live Coverage·Top Stories · Analysis · Opinion
DeFi

DeFi Lender Edel Finance Hit by Wrapped Token Exploit, $403K in Bad Debt

Edel Finance paused its version-one lending protocol after an attacker inflated a wrapped tokenized Google stock to 78 times its real value, borrowing against phantom collateral and leaving $403,000 in bad debt. The team is absorbing all losses and rolling out a redesigned protocol.

CryptoSearcher|
DeFi Lender Edel Finance Hit by Wrapped Token Exploit, $403K in Bad Debt

Edel Finance shut down its version-one lending protocol on Tuesday after an attacker manipulated the wrapping mechanism of a tokenized Alphabet stock, inflating its collateral value to approximately 78 times the real price and generating roughly $403,000 in bad debt. The team said all depositor balances will be made whole, with the protocol absorbing the losses directly.

The exploit targeted wGOOGLx, a wrapped derivative of GOOGLx — a tokenized representation of Alphabet's Google shares. Edel Lending accepted wGOOGLx as collateral. The attacker interfered with the conversion rate between GOOGLx and its wrapped form wGOOGLx, causing the protocol to read the collateral's value at around 78 times its actual worth. At the time of the attack, Chainlink oracles were correctly reporting the underlying Google share price at approximately $357. The vulnerability was not in the price feed itself but in the wrapping and unwrapping mechanism that bridges the two token formats.

With the collateral artificially inflated, the attacker borrowed real assets from the protocol against what was effectively phantom value. The discrepancy between the accurate oracle price and the mispriced wrapped token allowed the attacker to extract funds without triggering standard price-based safeguards.

Edel said it identified and contained the exploit, then froze all version-one contracts. The team warned users not to interact with any of the paused contracts. Edel has traced the attacker's on-chain transactions and is coordinating with cryptocurrency exchanges. The team has also extended a white-hat settlement offer within a defined window, giving the attacker the option to return the majority of funds in exchange for a bounty and no legal action.

A redesigned version-two lending system is being deployed, featuring an updated pricing architecture intended to prevent similar wrapped-token manipulation. Edel has also committed to publishing a full technical post-mortem.

Price manipulation of this type ranks as the second most common smart-contract vulnerability in the OWASP Smart Contract Top 10 for 2025. Security researchers at CertiK have repeatedly flagged oracle and collateral price manipulation as one of the most persistent attack vectors in decentralized finance.

The incident adds to a broader pattern. Cross-chain bridge exploits have driven the largest single thefts of 2025, including $292 million drained from Kelp DAO in April, while price and rate manipulation continues to account for a significant share of DeFi losses. Tokenized equities represent a growing segment of DeFi and introduce additional conversion layers — wrapping, unwrapping, and rate calculations — that expand the potential attack surface beyond what traditional token protocols face. The Edel case illustrates how a correctly functioning price oracle offers no protection when the collateral valuation step upstream of it can be manipulated independently.

Read Also