Is Pyth Network Safe?
Risk Grade: B (26/100)
Pyth Network is rated as moderate risk — some novel mechanisms, generally well-understood.
Moderate risk — strong institutional backing and growing adoption as the dominant oracle for Solana and newer chains, with manageable risk from Wormhole dependency and the still-maturing first-party oracle model.
Pyth Network is a decentralized oracle delivering real-time price data from 124+ first-party publishers (including Binance, Jane Street, Cboe) to DeFi protocols across 100+ blockchains. With 380+ price feeds updating every 400 milliseconds, it is the dominant oracle on Solana and growing rapidly across other chains. Its B grade reflects strong institutional publisher participation, active development, and a clean track record, with moderate risk from its Wormhole cross-chain dependency and the novel first-party oracle architecture that is still maturing relative to Chainlink's longer track record.
TVL
—
Mechanisms
6
Interactions
5
Value Grade
D+
Key Risks for Pyth Network Users
Pyth delivers price data across 100+ blockchains using Wormhole's cross-chain messaging system. Wormhole suffered a $320 million exploit in February 2022, and any future Wormhole vulnerability could compromise the integrity of Pyth price feeds across all integrated chains.
Unlike Chainlink's push-based model where oracles automatically update prices on-chain, Pyth uses a pull-based system where DeFi protocols must actively request price updates. If a protocol fails to pull fresh data during rapid price movements, it may use stale prices for liquidations or trades, potentially causing user losses.
While Pyth has 124+ registered publishers, some less liquid price feeds rely on a smaller subset of active publishers. If several major publishers simultaneously experience outages or submit incorrect data for a specific feed, the aggregation mechanism may not fully compensate, producing an incorrect price.
The PYTH token is primarily a governance token with limited fee capture. Publisher rewards represent 22% of total supply, creating ongoing emission pressure. If PYTH price declines significantly, publisher rewards may become insufficient to maintain high-quality data infrastructure.
Top Risk Factors
- •First-party oracle data publisher trust: Pyth relies on data publishers (exchanges, market makers, trading firms) to submit honest price data. While aggregation across 124+ publishers reduces manipulation risk, individual publishers could submit stale or incorrect data. The confidence interval mechanism provides a measure of data agreement, but downstream DeFi protocols may not always properly handle wide confidence bands.
- •Pull-based oracle model introduces latency risk: Unlike Chainlink's push-based model, Pyth uses a pull-based system where consumers must request price updates. If a DeFi protocol fails to pull an update during rapid price movement, it may use stale data for critical operations like liquidations. The 400ms update frequency mitigates this for active consumers, but the model shifts responsibility for freshness to integrators.
- •Cross-chain message relay dependency: Pyth uses Wormhole as its cross-chain messaging layer to deliver price data from Pythnet (its Solana-based appchain) to 100+ supported blockchains. Wormhole has experienced significant security incidents (including a $320M exploit in February 2022), and any Wormhole vulnerability could compromise price data integrity across all Pyth-integrated chains.
- •Concentrated publisher ecosystem despite breadth: While Pyth lists 124+ publishers, a significant portion of price feed data comes from a smaller subset of high-volume publishers (Binance, Cboe, Jane Street). If several major publishers simultaneously experience outages or submit incorrect data, the aggregation mechanism may not fully compensate.
How Pyth Network Compares to Peers
Pyth Network ranks #4 of 68 DeFi protocols (top quartile — safer than most). At a risk score of 26/100, it's 10 points safer than the sector average of 36/100.
Adjacent peers: DeFi Saver (B, 25/100) is ranked just safer, and Arrakis Modular (B, 26/100) is ranked just riskier.
See the full DeFi sector leaderboard or the Pyth Network vs Arrakis Modular comparison.
Common Questions about Pyth Network
Plain-English answers based on Pyth Network's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Scale Exposure (7/10).
Has Pyth Network ever been hacked or exploited?
Pyth Network has a fairly clean operational history. The track record dimension scored 3/15, indicating minor or no significant incidents on record. A clean track record is a positive signal but it does not guarantee future safety, especially as protocol complexity grows.
How much money is at stake in Pyth Network?
Pyth Network currently holds an undisclosed amount of user capital. Smaller TVL means individual depositors carry a larger share of any loss event, and it can be harder to exit a position quickly during stress.
What's the worst-case scenario for Pyth Network?
Hindenrank has identified specific collapse scenarios for Pyth Network. The most prominent: "Wormhole Guardian Compromise Cascading Across Pyth Consumers". The trigger condition is A vulnerability in Wormhole's guardian network (19-of-19 guardians as of 2025) allows an attacker to forge or manipulate Pyth price attestations delivered to one or more target chains.. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.
Is Pyth Network regulated or insured?
Pyth Network has low regulatory exposure on Hindenrank's framework (2/10). The protocol is structured in a way that minimizes counterparty and jurisdiction concentration, though regulatory risk in crypto can change rapidly. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.
What are the biggest red flags for Pyth Network?
Hindenrank's retail-focused risk audit flagged: Pyth delivers price data across 100+ blockchains using Wormhole's cross-chain messaging system. Wormhole suffered a $320 million exploit in February 2022, and any future Wormhole vulnerability could compromise the integrity of Pyth price feeds across all integrated chains. Unlike Chainlink's push-based model where oracles automatically update prices on-chain, Pyth uses a pull-based system where DeFi protocols must actively request price updates. If a protocol fails to pull fresh data during rapid price movements, it may use stale prices for liquidations or trades, potentially causing user losses. While Pyth has 124+ registered publishers, some less liquid price feeds rely on a smaller subset of active publishers. If several major publishers simultaneously experience outages or submit incorrect data for a specific feed, the aggregation mechanism may not fully compensate, producing an incorrect price.
Should beginners deposit into Pyth Network?
Pyth Network is rated B, which is acceptable for users who understand the protocol's mechanism. Beginners should read the full risk breakdown and only deposit after they can articulate the top three failure modes. If you cannot explain how the protocol works, do not deposit.
How does Pyth Network compare to safer DeFi alternatives?
Pyth Network is one protocol in Hindenrank's DeFi coverage. The safest DeFi protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare Pyth Network against the full DeFi ranking before committing capital.
For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the Pyth Network risk report.
Read the Full Pyth Network Risk Report
This protocol has 2 collapse scenarios. 1 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Get risk alerts before it's too late
Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.