Edel said it detected and contained the exploit, then paused all of its version-one contracts, which remain frozen, and warned users not to interact with them.
The team added it had traced the attacker’s transactions and is coordinating with exchanges, and that it has offered the attacker a whitehat settlement, a deal that lets a hacker return most of the funds in exchange for a fee and no legal pursuit, within a set window.
No depositor will take a loss, Edel noted, with the team absorbing the bad debt and restoring balances one for one. It is deploying a version two with a redesigned pricing setup meant to block this kind of manipulation, and promised a full technical breakdown to follow.
While the amount is small, the method sits in one of DeFi’s most persistent categories of exploit.
Manipulating the price a protocol reads, rather than breaking into it, ranks as the second most common smart-contract vulnerability in the OWASP Smart Contract Top 10 vulnerabilities for 2025, and security researchers at CertiK describe oracle price manipulation as one of the field’s most common attack vectors.
Alongside cross-chain bridges, which produced the year’s largest single thefts, including the $292 million drained from Kelp DAO in April, price manipulation is where much of the money keeps going, and in most of these, the code works as written.
