Discussion post https://interlay.subsquare.io/posts/66
Compensation Claim for Wrongful Liquidation Caused by Oracle Failure During the Hyperbridge Exploit (April 13, 2026)
Claimant Address: wdCqxq8RoyA9eW7AMcWxm11CMqcr3avEXj8V661VnUZpoG1kb Date of Incident: April 13, 2026 Date of Submission: April 14, 2026 Affected Protocol: Interlay Lending Market Affected Asset: vDOT (Bifrost Voucher DOT on Interlay)
- Incident Summary
On April 13, 2026, a critical security exploit was carried out against the Hyperbridge cross-chain bridge infrastructure. The attacker exploited a vulnerability in the bridge's minting logic on the Ethereum network, creating a large quantity of fraudulent DOT representations. This caused severe and artificial price distortion for DOT and its derivative assets — including vDOT — specifically within Ethereum-side liquidity pools.
Critically, this price distortion was isolated to Ethereum-side markets and did not reflect any change in the underlying value of DOT or vDOT on the native Polkadot network. On-chain data from Bifrost — the issuer and custodian of vDOT — confirmed that vDOT maintained its expected price and peg throughout the entire incident.
Despite this, Interlay's Oracle price feed, which sourced vDOT pricing data from Ethereum-side liquidity pools rather than from Bifrost's native on-chain feed, ingested the corrupted price data and triggered an automated liquidation of my borrowing position. This liquidation was not a result of any genuine deterioration in collateral value but was entirely a consequence of the protocol consuming manipulated external data.
- Loss Details
Item Detail
Collateral Asset vDOT
Amount Liquidated 4,257 vDOT
Debt Position at Liquidation ~4,000 USDT
Fair Market Value of Collateral ~4,500 USDT (based on pre-incident Bifrost native price)
Net Loss ~4,500 USDT (collateral value minus debt)
Compensation Requested 4,500 USDT
- Core Liability Argument: Oracle Design Failure
3.1 Faulty Data Source Selection
Interlay's Oracle for vDOT pricing relied on Ethereum-side liquidity pool data, which was directly exposed to and corrupted by the Hyperbridge exploit. At the same time, Bifrost — as the official issuer of vDOT and the authoritative source for its redemption value — maintained an accurate and stable on-chain price feed throughout the incident on the native Polkadot network.
The protocol's failure to use or cross-reference Bifrost's native price feed as a primary or fallback data source represents a fundamental Oracle design flaw. The accurate price data was available and accessible; the protocol simply was not configured to use it.
Factual Basis
• The Hyperbridge team has publicly confirmed the exploit as a bridge-layer attack
This was not a market risk event. It was a protocol infrastructure failure.
- On-Chain Implementation
This proposal requests the following on-chain actions upon passage of this referendum:
Call 1 — 4,500 USDT Compensation
Note on funding source: The Interlay money market account (wd9yNSwR5jsJWJZ6yzpWRRhe59Z8xLQvZpxrPF7ux76mKaBZ6) currently holds approximately 117,338 USDT, as verified on-chain. The requested compensation of 4,500 USDT represents less than 4% of available USDT liquidity and is well within the protocol's capacity to absorb without impacting normal lending market operations.
- Requested Actions
- Financial Compensation: Credit of 4,500 USDT to the claimant's address as full settlement for losses incurred due to the oracle failure
- Oracle Improvement: A public commitment from the Interlay development team to integrate Bifrost's native on-chain price feed as a primary or weighted data source for vDOT pricing
- Risk Controls: Implementation of price deviation circuit breakers and emergency pause mechanisms for liquidations during abnormal market conditions or detected bridge exploits
- Conclusion
This claim is not based on normal market risk. Every participant in DeFi accepts volatility — but no participant should bear losses caused by a protocol consuming demonstrably corrupted data when accurate data was available from the asset's own issuer.
The amount requested is modest. Approving this proposal would demonstrate that Interlay takes protocol-level failures seriously, protects its users from infrastructure risks outside their control, and holds itself to the standard expected of a mature DeFi protocol in the Polkadot ecosystem.
I remain committed to the Interlay and Polkadot ecosystems and look forward to a fair resolution.
All on-chain data referenced in this proposal was verified directly via Polkadot.js Apps connected to Interlay's RPC endpoint (wss://rpc-interlay.luckyfriday.io) on April 19, 2026.