
Vicuna Finance Post Mortem: Anatomy of a $700K Oracle Attack
Post-mortem analysis of the Vicuna Finance exploit on March 28, 2025. An oracle manipulation attack resulted in a $700K loss due to mispricing of LP tokens used as collateral.

D23E Team
Learn how we work from first principles to viable products.
Post-mortem analysis of the Vicuna Finance exploit on March 28, 2025. An oracle manipulation attack resulted in a $700K loss due to mispricing of LP tokens used as collateral.
D23E Team
LLMs are wonderful at predicting the next character in a text. But they can also predict the next trace opcode of a blockchain transaction! Hence they can detect which next opcode is rather unlikely --- we use this insight to create an abnormality detection system.
Liyi Zhou
Instead of joining the monkey game of find profitable opportunities, why not simply copy them? We investigate an advanced method to imitate blockchain transactions in real-time, allowing to generate hundreds of millions of USD. This work was published in Usenix Security.
Kaihua Qin
How to extract revenue from DeFi protocols with the Bellman Ford algorithm or an SMT solver? Check out our IEEE Security & Privacy Paper
Liyi Zhou
Traders extract monetary value from the mesh of decentralized finance (DeFi) smart contracts through so-called blockchain/miner/maximal extractable value (BEV/MEV). We shed light into this dark forest with an IEEE Security & Privacy Paper.
Kaihua Qin