• One min read
Ploutus Protocol Exploited Due to
Oracle Misconfiguration, Loss Totals ~$390,000
According to BlockSec Phalcon, Ploutus Protocol's liquidity pool on Ethereum was exploited due to an oracle misconfiguration, resulting in a loss of approximately $390,000.
AUTOSEC.DEV
- Exploit Date: February 27, 2026
- Target Project: Ploutus
- Project Overview: Ploutus is a DeFi lending protocol deployed on Ethereum.
- Loss Amount: ~$390,000
- Attack Vector: Oracle Misconfiguration
Incident Review & Technical Details
- Attack Path:
- The oracle was misconfigured to use the BTC/USD Chainlink price feed to price USDC, creating a massive price discrepancy.
- The attacker utilized only 8 USDC as collateral to borrow 187 ETH, successfully completing the arbitrage.
- Impact: The affected liquidity pool suffered a direct loss of approximately $390,000 in assets.
- Official Assessment: The incident was caused by a misconfiguration in the oracle price feed rather than a vulnerability in the core smart contract logic.
- Investigation Progress: