
Explained: The Typus Finance Hack (October 2025)

Category: Explained: Hacks


POSTED BY: Rob Behnke

10.21.2025

In October 2025, Sui-based Typus Finance was the victim of a hack. The attacker took advantage of vulnerabilities in the project’s oracle to drain an estimated $3.44 million in SUI, USDC, xBTC, and suiETH from the project.

Inside the Attack

With the exception of stablecoins, most cryptocurrencies have values that are determined by the market rather than an external source. As a result, smart contracts need an oracle to determine the current value of a particular token to support trades.

The Typus smart contract hack was made possible by a combination of an unaudited, custom oracle and a missing assert statement within the oracle contract. Because that assert was absent, the authorization check on oracle price updates was never enforced, so the attacker could submit prices the contract accepted as legitimate.

As a result, the attacker was able to manipulate the prices the protocol believed its tokens were worth. This allowed the attacker to perform swaps at the incorrect prices, draining value from the contract. In total, an estimated $3.44 million was stolen and bridged to Ethereum. The stolen tokens were then swapped to DAI to make them more difficult to track and freeze.
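To make the failure mode concrete, here is an added Sui Move sketch of the pattern the post describes; it is illustrative code written for this article, not Typus's contract, and the module name, field names, error codes and the 10% deviation band are all hypothetical. The oracle records a registered feeder address; the vulnerable entry function omits the sender assert, while the hardened one enforces it and, as an extra defense-in-depth measure beyond what the post covers, also rejects implausibly large price jumps.

```move
module example::price_oracle {
    use sui::object::{Self, UID};
    use sui::tx_context::{Self, TxContext};
    use sui::transfer;

    /// Sender is not the registered price feeder.
    const EUnauthorized: u64 = 0;
    /// Price moved more than the allowed band in one update.
    const EPriceDeviation: u64 = 1;
    /// Maximum move per update, in basis points (10%). Hypothetical value.
    const MAX_DEVIATION_BPS: u128 = 1_000;

    /// Shared oracle object; only `feeder` may push prices.
    public struct Oracle has key {
        id: UID,
        feeder: address,
        price: u64, // fixed-point with 6 decimals (constructed convention)
    }

    /// Create the oracle and register the deployer as feeder.
    fun init(ctx: &mut TxContext) {
        transfer::share_object(Oracle {
            id: object::new(ctx),
            feeder: tx_context::sender(ctx),
            price: 0,
        });
    }

    /// VULNERABLE pattern: the authorization assert is missing, so any
    /// transaction sender can overwrite the price the vault trades against.
    public entry fun update_price_unchecked(oracle: &mut Oracle, new_price: u64) {
        oracle.price = new_price;
    }

    /// HARDENED pattern: assert the sender is the registered feeder, then
    /// reject any update that moves the price by more than MAX_DEVIATION_BPS.
    public entry fun update_price(oracle: &mut Oracle, new_price: u64, ctx: &TxContext) {
        assert!(tx_context::sender(ctx) == oracle.feeder, EUnauthorized);
        if (oracle.price != 0) {
            let old = oracle.price;
            let diff = if (new_price > old) { new_price - old } else { old - new_price };
            assert!((diff as u128) * 10_000 <= (old as u128) * MAX_DEVIATION_BPS, EPriceDeviation);
        };
        oracle.price = new_price;
    }

    /// Read the current price (consumers should also check freshness in practice).
    public fun price(oracle: &Oracle): u64 { oracle.price }
}
```

An audit of `update_price_unchecked` would flag the missing sender check immediately; the deviation band limits how far a single compromised or buggy update can move the price even when the check is present.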

After being notified of the issue, the project paused all of its smart contracts. The Typus team also plans to redeploy audited versions of the contracts to close the identified security gap and other potential issues.

Lessons Learned from the Attack

The Typus hack underscores the importance of performing comprehensive security audits of all smart contract code before releasing it on-chain. While the project had undergone audits of other elements of its codebase, the affected code was outside of the scope of past audits. As a result, a critical component of the protocol’s access management was neglected, allowing the attacker to exploit the oracle contract.

This incident also demonstrates the value of using battle-tested implementations, such as Chainlink's oracle, rather than custom versions. While Typus uses independent oracles as part of its other products, it used a custom one for the TLP contract. As a result, vulnerabilities in that code led to a $3.44 million hack.

Halborn offers advisory and auditing services designed to support DeFi projects’ security efforts from the initial planning stage through deployment and beyond. Applying security best practices, such as using trusted implementations and performing comprehensive smart contract audits, can help your project to avoid these types of attacks. To learn more, get in touch.

© Halborn 2025. All rights reserved.