Typus Finance Hack

On October 15, 2025, Typus Finance, a yield platform built on Sui, lost roughly $3.4 million in an oracle manipulation attack. Investigators including Halborn traced the breach to access-control weaknesses in the project’s custom price oracle, embedded in one of its TLP (Typus Liquidity Provider) contracts, which the attacker exploited to distort asset valuations and drain liquidity pools. The native token fell about 35% following the exploit. Typus paused affected contracts and opened an investigation while assuring users that the core protocol remained intact. The incident contributed to October 2025 being the lowest-loss month of the year at $18.18 million across 15 incidents per PeckShield, yet it highlighted the persistent risk of bespoke oracle logic in newer ecosystems. It reinforced the need for hardened price feeds, strict access controls on oracle update functions, and adversarial testing of custom valuation contracts before they manage live liquidity.