Summary
Sui-based DeFi platform Typus Finance was hit by an exploit that drained $3.4 million from its core TLP liquidity contract after attackers abused an oracle vulnerability tied to missing authority checks, prompting the team to immediately pause all smart contracts. Security firm Hacken reported the stolen funds were swapped to DAI within hours and traced the original funding of the attacker’s wallet to Tornado Cash. The breach underscores ongoing oracle and custody risks for Sui ecosystem projects, threatens user liquidity and market confidence, and complicates recovery or legal remedies given rapid asset obfuscation.
Comments
Want to join the conversation?