Ploutus on Ethereum Exploited After Oracle (off-chain price feed) Error—About $390K Lost

A misconfigured price oracle tied USDC to Chainlink’s BTC/USD feed, enabling massive undercollateralized borrowing and resulting in a $390,000 loss on Feb. 26.

BTC

ETH

USDC

48d ago

Summary

Ploutus protocol’s Ethereum liquidity pool lost approximately $390,000 after an oracle misconfiguration connected USDC pricing to Chainlink’s BTC/USD feed. This allowed an attacker to borrow 187 ETH using only 8 USDC as collateral, exploiting the flaw soon after a parameter change was confirmed. The incident underscores how incorrect oracle setups can facilitate undercollateralized loans and lead to significant financial losses.

Terms & Concepts

Price oracle: A service that delivers external market data to blockchains; mispricing or misconfiguration can be exploited.
Liquidity pool: On-chain reserves of tokens used for trading or lending; parameters set collateral and borrowing conditions.
Smart contract: Self-executing blockchain code that automates rules; bugs or bad settings can create vulnerabilities.