An attacker inflated the value of a tokenized Google share used as collateral to about 78 times its real price, then borrowed against it, leaving roughly $403,000 in bad debt.

  • Edel Finance halted its version-one lending protocol after an attacker manipulated the wrapping mechanism for a tokenized Google stock, inflating collateral values by about 78 times and creating roughly $403,000 in bad debt.
  • The exploit did not stem from faulty price oracles —Chainlink feeds correctly reported Alphabet’s share price — but from how GOOGLx converted to and from its wrapped form wGOOGLx, allowing the attacker to borrow real assets against mispriced collateral.
  • Edel said it will absorb all losses so depositors are made whole, is rolling out a redesigned version-two system to prevent similar price-manipulation attacks, and has offered the attacker a white-hat settlement while coordinating with exchanges.

Tokenized equities trading platform Edel Finance paused its lending protocol on Tuesday after an attacker exploited how it priced a tokenized stock, borrowing against collateral inflated to roughly 78 times its true value and leaving about $403,000 in bad debt, the team said.

— Edel Finance (@edeldotfinance) July 1, 2026
Earlier today, Edel identified and contained an exploit affecting Edel Lending.
The exploit involved manipulation of the wrapped xStocks exchange rate between wGOOGLx and GOOGLx, causing wGOOGLx collateral to be valued at approximately 78x its…

The target was a tokenized version of Alphabet's Google stock. Edel Lending accepted wGOOGLx, a wrapped form of the tokenized share GOOGLx, as collateral.

A wrapped token is a version of an asset repackaged to work inside a particular protocol, and it is meant to track the underlying asset one for one. The attacker manipulated the exchange rate between the two so that wGOOGLx was valued at about 78 times what it should have been, then used that phantom collateral to borrow real assets from the protocol.

The pricing itself was not the weak point. Edel said it used Chainlink oracles, the standard third-party services that feed real-world prices onto a blockchain, and those were reporting the correct Google share price of around $357.

The flaw was in the wrapping mechanism. The attacker interfered with how GOOGLx converted to and from wGOOGLx, so the collateral was mispriced even though the underlying price feed was accurate.

Edel said it detected and contained the exploit, then paused all of its version-one contracts, which remain frozen, and warned users not to interact with them.

The team added it had traced the attacker's transactions and is coordinating with exchanges, and that it has offered the attacker a whitehat settlement, a deal that lets a hacker return most of the funds in exchange for a fee and no legal pursuit, within a set window.

No depositor will take a loss, Edel noted, with the team absorbing the bad debt and restoring balances one for one. It is deploying a version two with a redesigned pricing setup meant to block this kind of manipulation, and promised a full technical breakdown to follow.

While the amount is small, the method sits in one of DeFi's most persistent categories of exploit.

Manipulating the price a protocol reads, rather than breaking into it, ranks as the second most common smart-contract vulnerability in the OWASP Smart Contract Top 10 vulnerabilities for 2025, and security researchers at CertiK describe oracle price manipulation as one of the field's most common attack vectors.

Alongside cross-chain bridges, which produced the year's largest single thefts, including the $292 million drained from Kelp DAO in April, price manipulation is where much of the money keeps going, and in most of these, the code works as written.

Tokenized equities extend that surface. Products that put stocks like Google onchain are among the fastest-growing parts of DeFi, and they add another layer between an asset and its price: the wrapping and conversion steps that turn a share into collateral.

Zcash’s Tachyon upgrade aims to scale shielded payments, improve quantum readiness, and test whether its funding, security, and governance can hold.