YieldBloxMicro-cap

YieldBlox receives a D+ risk grade (58/100) from Hindenrank, where lower scores indicate lower risk. High risk — a February 2026 oracle manipulation exploit proved the Reflector VWAP oracle can be manipulated via thin Stellar DEX liquidity, resulting in a $10.2M pool drain and TVL collapse to under $100K. YieldBlox is Stellar's first DeFi lending protocol, built on the Blend permissionless lending framework and governed by the YBX token. In February 2026 the protocol's community-managed pool suffered a $10.2M oracle manipulation exploit when an attacker inflated the price of the illiquid USTRY collateral asset 100x via a single Stellar DEX trade, draining all pool reserves. Its D+ grade reflects a major exploit on the current codebase, a custom on-chain VWAP oracle with a proven vulnerability to thin-market manipulation, and a TVL collapse to under $100K following the incident.

The key risks identified for YieldBlox are: (1) Reflector, the VWAP oracle used by YieldBlox pools, prices assets based on recent Stellar DEX trading activity. In February 2026 a single manipulative trade in the illiquid USTRY/USDC pair inflated its oracle price 100x (from $1.05 to ~$106), enabling the attacker to borrow $10.2M in XLM and USDC before any protective mechanism triggered. Stellar validators subsequently froze $7.2M of the stolen funds, but this depends on rapid validator coordination. (2) YieldBlox operates on Blend's permissionless pool framework, which allows governance token holders to approve new collateral assets. The collateral approval process may lack sufficient liquidity-threshold requirements to prevent illiquid assets — like USTRY — from being added as collateral and creating oracle manipulation surfaces. (3) Post-exploit TVL has collapsed to approximately $50K. Script3 has committed to compensating affected users from organizational funds, but this relies on a centralized commitment rather than on-chain enforcement. The backstop module's capacity was insufficient to cover the $10.2M bad debt. (4) The YBX governance token has declined approximately 97% from its all-time high of $3.08 and trades at around $0.09. With limited direct revenue-sharing to holders and ongoing emissions of 15M YBX per year, the token faces continued dilutive pressure and a weak incentive structure for new depositors.

YieldBlox scores 58/100 across eight risk dimensions: Mechanism Novelty: 9/15, Interaction Severity: 15/20, Oracle Surface: 7/10, Documentation Gaps: 4/10, Track Record: 15/15, Scale Exposure: 0/10, Regulatory Risk: 2/10, Vitality Risk: 6/10. The highest risk area is Track Record at 15/15.

Among 90 rated Lending protocols on Hindenrank, YieldBlox ranks #87 by safety (lowest risk score = safest). Its 58/100 risk score and D+ grade place it among the riskier Lending protocols.

YieldBlox scores 15/15 on the Track Record risk dimension, indicating some history of security incidents or exploits. Higher scores reflect more severe or frequent incidents. Review the full risk report for details.