Typus Finance Suspends All Contracts After $3.44M DeFi Oracle Exploit
A major security breach has struck the Typus Finance platform, resulting in the theft of approximately $3.44 million worth of digital assets. The incident targeted the TLP liquidity pool and stemmed from a vulnerability in the oracle module, which allowed the attacker to manipulate pricing data. The company has since released a detailed postmortem outlining each stage of the attack and announced a full suspension of all smart contracts pending the completion of an internal investigation.
The attack began on October 15 at 13:05 UTC. Within 19 minutes of detecting abnormal activity, the Typus team halted protocol operations, identified the source of the issue, and notified the Sui Foundation. By 14:54, the matter had been formally reported to law enforcement. According to the official report, the attackers withdrew 588,357.9 SUI, 1,604,034.7 USDC, 0.6 xBTC, and 32.227 suiETH from the TLP pool. User assets stored in personal wallets, as well as funds held in the SAFU fund and DeFi Options Vaults, remained untouched.
The breach was caused by a missing verification operator in the update_v2 function of the oracle module, included in a contract package deployed on November 13, 2024. This oversight allowed unauthorized addresses to modify price data without proper authentication. The issue was compounded by two organizational shortcomings — the module had been excluded from MoveBit’s May 2025 audit, and the Sentio monitoring system had not been configured for immediate response to such anomalies.
Developers emphasized that the losses were limited exclusively to the TLP pool, with no impact on other products. The automated “crankers” managing DeFi Options Vault transactions verify quotes against independent oracles before execution, effectively preventing any price manipulation attempts. Additionally, collateral for open positions is stored in separate contracts, isolated from TLP, ensuring its continued safety.
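The two controls described above, a caller check on the price update and a consumer that compares the quote with an independent source, can be modelled as follows. This is an added illustration in Python, not code from Typus Finance or its postmortem; the class and function names, the allowlist, the addresses, the prices and the 2% bound are all assumptions made for the example.

```python
from dataclasses import dataclass

# Everything below is constructed for illustration (hypothetical names and values).
AUTHORIZED_UPDATERS = {"0xa11ce"}   # assumed allowlist of oracle updaters
MAX_DEVIATION = 0.02                # assumed bound versus an independent reference
SAMPLE_EVENTS = [("0xa11ce", 2.51), ("0xbad", 0.01), ("0xa11ce", 2.70)]

class Unauthorized(Exception):
    pass

@dataclass
class Oracle:
    price: float

    def update_unchecked(self, sender: str, new_price: float) -> None:
        """The flaw class described above: nothing checks who is calling."""
        self.price = new_price

    def update_checked(self, sender: str, new_price: float) -> None:
        """Same update, but the caller must be on the allowlist."""
        if sender not in AUTHORIZED_UPDATERS:
            raise Unauthorized(sender)
        self.price = new_price

def deviation(price: float, reference: float) -> float:
    """Relative distance between an oracle price and a reference price."""
    return abs(price - reference) / reference

def quote_is_sane(oracle: Oracle, reference: float) -> bool:
    """Consumer-side check: do not act on a quote far from an independent source."""
    return deviation(oracle.price, reference) <= MAX_DEVIATION

def triage(events, reference):
    """Monitoring rule over (sender, price) update events; returns (index, reasons)."""
    alerts = []
    for i, (sender, price) in enumerate(events):
        reasons = []
        if sender not in AUTHORIZED_UPDATERS:
            reasons.append("unauthorized_sender")
        if deviation(price, reference) > MAX_DEVIATION:
            reasons.append("price_deviation")
        if reasons:
            alerts.append((i, reasons))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS, reference=2.50):
        print(alert)
```

The sender check and the deviation check are independent: the third sample event comes from an allowlisted updater and is still flagged, which is the case a consumer-side cross-check covers.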
Immediately following the attack, Typus Finance froze all protocol activity and engaged its security partners — Sui Foundation, Mysten Labs, MoveBit, SlowMist, and Hypernative — to collaborate on forensic analysis and trace the movement of stolen assets. The team is currently developing revised, fully audited smart contracts and is also preparing an internal compensation plan for liquidity providers, with details to be announced at a later date.
Project representatives reaffirmed Typus Finance’s commitment to enhancing its security framework and pledged to keep the community informed throughout the investigation and recovery process.