
Edel Finance paused lending after attacker inflated tokenized Google stock 78x, borrowing $403k. Flaw was in the wrapping mechanism, not the price oracle. Team absorbed loss, offers whitehat.
Tokenized equities platform Edel Finance paused its lending protocol Tuesday after an attacker manipulated how a wrapped Google stock was priced, borrowing against collateral valued at roughly 78 times its true worth. The attack left about $403,000 in bad debt, which the team absorbed, Edel said in a post-mortem.
The target was wGOOGLx, a wrapped version of the tokenized Google share GOOGLx. Edel Lending accepted wGOOGLx as collateral. The attacker tampered with the exchange rate between the two, so the protocol valued each wGOOGLx at roughly $27,800 instead of the correct $357, Edel explained. That phantom equity let the attacker borrow real assets from the pool before the team froze the contracts.
This was not an oracle failure. Edel said it used Chainlink oracles, the standard third-party price feeds, and those were reporting the correct Google share price. The flaw sat in the wrapping mechanism itself, the conversion step between GOOGLx and wGOOGLx. The attacker interfered with that conversion, so the collateral was mispriced even though the underlying price feed was accurate.
Once Edel detected the exploit, it paused all version-one contracts, which remain frozen. It warned users not to interact with them. The team said it traced the attacker's transactions and is coordinating with exchanges. Edel also offered the attacker a whitehat settlement – a deal that lets the hacker return most funds for a fee and no legal pursuit, within a set window.
No depositor will take a loss, Edel noted. The team is absorbing the bad debt and restoring balances one for one. It is deploying a version two with a redesigned pricing setup meant to block that kind of manipulation. A full technical breakdown will follow, Edel said.
The dollar amount is modest. The attack method is one of DeFi's most persistent categories. Manipulating the price a protocol reads, rather than breaking into the code, ranks as the second most common smart-contract vulnerability in the OWASP Smart Contract Top 10 for 2025. Security researchers at CertiK describe oracle price manipulation as one of the field's most common attack vectors.
Alongside cross-chain bridge hacks, which produced the year's largest thefts including the $292 million drained from Kelp DAO in April, price manipulation is where much of the money keeps going. In most of these, the code works exactly as written; the attacker just feeds it bad data.
Tokenized equities extend that attack surface. Products that place stocks like Google onchain are among the fastest-growing parts of DeFi, and they add an extra layer between an asset and its price – the wrapping and conversion steps that turn a share into collateral. Each layer is a potential manipulation point, as Edel just learned. The broader pattern of DeFi exploits is covered in our crypto market analysis.
Edel plans to deploy version two of its lending contracts this week. The whitehat settlement window remains open. A full technical post-mortem is expected within days, the team said.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.