Stellar Ecosystem
News

Blockaid and Stellar validators contained a $10M oracle-manipulation attack on Blend lending protocol. An attacker inflated USTRY's price 100x via low-liquidity Reflector oracle feeds, borrowed $61M XLM using fraudulent collateral, and began bridging funds. Validators coordinated in real-time to quarantine ~48M XLM onchain before further damage.

CertiK explores two critical vulnerabilities in Soroban contract state storage: storing long-term data in Temporary storage risks irreversible loss when entries expire; relying on TTL expiry alone for nonce validation enables signature replay attacks. The article walks through vulnerable code patterns and secure alternatives using Persistent and Instance storage.

Stellar introduces CAP-77 Quorum Freeze, the first protocol-native onchain account freeze mechanism on a major L1 blockchain. Validators can reach consensus to freeze attacker addresses in minutes without chain halts or emergency upgrades, with full auditability and reversibility built into the ledger.

OpenZeppelin's Role Manager uses SubQuery's decentralized indexing to provide a unified interface for managing smart contract access control across 30+ networks, including Stellar mainnet and testnet, eliminating fragmented manual processes.

An article exploring secure agent delegation architecture through WaaP, a wallet-as-a-platform system that enables AI agents to execute transactions with scoped permissions and policy enforcement rather than full key access.

This article explores the privacy paradox on public blockchains, examining how transparent networks can enable confidential transactions while maintaining compliance. It identifies 'self-doxxing' as the core privacy problem and discusses potential solutions involving issuers and privacy providers.

YieldBlox lost $10.97 million on Blend V2 when an attacker manipulated the price of USTRY collateral 100x using a single trade in an illiquid market, then borrowed against the inflated valuation. The oracle reported the manipulated price accurately, but the protocol had no safeguards for detecting market anomalies or liquidity thresholds.

This article compares Proof-of-Stake consensus models with Stellar's Consensus Protocol (SCP), arguing that PoS networks create structural incentives for MEV extraction and validator misconduct, while Stellar's explicit trust model and revocable authority provide better protection for regulated asset issuers.

Chainalysis expanded its blockchain monitoring platform to support Stellar tokens, enabling automatic coverage for fungible and non-fungible tokens deployed to the network. The integration includes KYT alerts, entity screening, and transaction investigation tools for tracking fund flows and identifying illicit activity.

This article explains the Stellar Consensus Protocol (SCP) and its innovative use of quorum slices and Federated Byzantine Agreement (FBA) to achieve decentralized consensus. It details how SCP enables Stellar to operate with high security, low costs, and high performance while promoting organic network growth through open participation.

Soundness Labs and Mysten Labs have developed PQ-Chain, a backward-compatible upgrade for EdDSA-based blockchains like Stellar, Solana, Sui, and Aptos that adds quantum resistance without hard forks or address changes. It leverages the existing quantum-secure seed in EdDSA keypairs, proven via PQ-NIZK proofs at the transaction and account levels. This opt-in approach provides immediate protection during the transition to native post-quantum signatures.

Freighter Wallet is a non-custodial browser extension for Stellar that enables secure transaction signing and dApp interaction while keeping private keys on the user's device. It serves as the primary gateway for Web3 participation on Stellar, with full Soroban smart contract compatibility.

An article discussing the importance of financial privacy in blockchain systems and how Stellar's upcoming Protocol X-Ray upgrade will enable zero-knowledge proof verification in Soroban smart contracts, allowing developers to build privacy-preserving applications while maintaining blockchain transparency.

This article explores five zero-knowledge proof use cases for the Stellar ecosystem: zkTokens for private transactions, zkLogin for secure authentication, zkKYC for privacy-preserving compliance, zkVoting for governance, and zkVM for scalable computation via Risc Zero integration with Soroban.

The article critiques the false dichotomy between privacy and compliance in crypto, arguing that neither extreme—full anonymity nor total transparency—will enable mainstream onchain payments. It highlights Stellar Development Foundation's stance that privacy must be compliance-ready from the start, and promotes Fairblock's selective disclosure model as a balanced solution. This approach offers confidential transactions with onchain, condition-based disclosure for regulators and auditors.

Normal's 2025 recap highlights its evolution from a centralized product to a fully self-custodial, decentralized protocol built on Stellar. Key achievements include 30,000 lines of smart contract code for wallets, AMMs, DEX, synthetic assets, and on-chain indexes, a Halborn security audit backed by SDF, and a Stellar Community Fund grant. The team expanded with key hires like CTO Jay and frontend lead Niko, while hosting global community events.

Range recaps its 2025 achievements in building stablecoin payments infrastructure, highlighted by the launch of Faraday for real-time routing, screening, and compliance, and the Stablecoin Explorer for cross-chain observability. The company expanded support across ecosystems like Solana, Stellar, and others, while publishing in-depth research on stablecoin usage, including USDC on Stellar. Amid major hacks and regulatory shifts like MiCAR, Range positioned itself as a leader in proactive security and enforcement for maturing stablecoin rails.

Faraday, Range's unified platform, streamlines stablecoin routing, risk management, compliance, and analytics compared to multi-vendor stacks like 0x, LI.FI, TRM Labs, and Dune. It offers a single API supporting chains including Stellar, reducing integration overhead and improving efficiency for fintechs like AcmePay. The article details advantages across routing, risk, data, and maintenance dimensions.

The Stellar Development Foundation disclosed a bug in Soroban Live State Prioritization (introduced in Protocol 23) that corrupted 478 data entries starting September 4, 2025. The issue was in the eviction mechanism that moved outdated versions of persistent entries to hot-archive storage instead of the latest versions, affecting network data consistency.

Trustless Work is a Stellar-based escrow system where roles define permissions for managing funds in a trustless manner. Key roles include Issuer, Funder, Service Provider, Approver, Release Signer, Receiver, Platform Address, Dispute Resolver, and Observer. This design ensures transparency, security, and programmability without single-party control over funds.

EquitX partners with Runtime Verification for a comprehensive security audit of its v1 core contracts ahead of its December mainnet launch on Stellar. The audit, supported by the Stellar Development Foundation's Soroban Audit Bank, ensures the protocol's synthetic equities are trustless, transparent, and robust. This step underscores EquitX's commitment to security as it introduces borderless access to equities.

ChainPatrol announces the launch of its redesigned website, ChainPatrol.com, featuring 24/7 booking, streamlined landing pages, fresh blog content, updated product info, changelog, and new customer testimonials. The platform protects Web3 projects from phishing and impersonations. Notable clients include Stellar among others like MetaMask, TON, Sui, Polkadot, and Polymarket.

Hoops Finance releases version 0.5.0, introducing a unified identity layer with WebAuthn passkeys, zero-knowledge SRP authentication, and seamless Stellar wallet integration via SEP-10. Developers gain enhanced API keys, token logos, and standardized data endpoints for easier integration. The update improves performance, security, and sets the foundation for upcoming Smart Accounts, Vault Rewards, and onchain risk algorithms on Stellar.

An analysis debunking common blockchain decentralization myths, arguing that proof-of-stake systems concentrate power through wealth rather than validator count, and contrasting this with Stellar's Consensus Protocol (SCP), which grants power through explicit, community-chosen, and revocable trust rather than capital.

Webacy has been selected as a recipient of the Stellar Community Fund Build Award in SCF Round #38. Out of 83 submissions, 24 projects were chosen for their contributions to the Stellar ecosystem. Webacy will bring advanced risk intelligence and decisioning infrastructure to enhance security on Stellar.

Certora organized the first formal verification contests for Rust-based Soroban smart contracts on Stellar, partnering with Code4rena and Cantina. The contests for Blend v2 and Aquarius protocols featured a 40,000 USDC prize pool and used mutation testing to evaluate specifications. They demonstrated the effectiveness of Certora's Sunbeam prover in securing DeFi protocols on Stellar.