Blockaid and Stellar validators contained a $10M oracle-manipulation attack on Blend lending protocol. An attacker inflated USTRY's price 100x via low-liquidity Reflector oracle feeds, borrowed $61M XLM using fraudulent collateral, and began bridging funds. Validators coordinated in real-time to quarantine ~48M XLM onchain before further damage.
On February 22, 2026, an attacker exploited minimal liquidity in USTRY (a tokenized Treasury asset) to manipulate the Reflector oracle's price feed, reporting the asset at 100x its actual value. Using the inflated valuation as collateral, the attacker borrowed 61M XLM and 1M USDC from a YieldBlox community Blend lending pool. Blockaid provided real-time forensic analysis and wallet clustering to pinpoint attacker-controlled addresses across chains. Stellar Tier-1 validators responded by coordinating transaction filtering to reject outflows from those wallets, effectively quarantining approximately 48M XLM onchain. The incident exposed how oracle price formation and liquidity conditions shape DeFi risk at scale, and demonstrated decentralized governance responding to live threats in minutes rather than hours.
