Top

DeFiTuna loses over $569K in USDC to exploit

July 17, 2026, 11:20 AM
Solana-based DeFi protocol DeFiTuna lost 569,601 USDC in an exploit on July 16, according to an analysis by blockchain security firm CertiK. The attacker initiated the exploit by creating a TUNA/USDC pool with extremely low liquidity. They then swapped borrowed USDC through Jupiter routing within this pool, receiving a negligible amount of TUNA in return. This action triggered a rounding error in the protocol's asset valuation process, causing the total asset value to be calculated as zero and thereby bypassing its solvency checks. The attacker subsequently withdrew the USDC through a liquidity position under their control, and the stolen funds have since been distributed to multiple intermediate addresses. CertiK identified the root cause as a flaw in the solvency check logic, which incorrectly validated a position as normal even when its asset value was calculated as zero under extreme conditions.

Leave the first comment

You need to log in to leave a comment.
Log In
Loading