QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$1 500 000 USD
APRIL 2025
GLOBAL
TERM FINANCE
DESCRIPTION OF EVENTS
Term Finance is a decentralized lending platform that enables fixed-rate borrowing and lending of crypto assets through on-chain auctions. Built on Ethereum, Term Finance allows users to lock in predictable borrowing costs or returns, helping them manage cash flows and financial planning with greater certainty. The platform has cleared over $410 million in cumulative borrow volume, showcasing growing adoption among crypto-native lenders and borrowers.
Each week, Term hosts auctions for fixed-term loans—typically four weeks—across a variety of crypto collateral types such as wETH, wBTC, USDC, sAVAX, and others. During these auctions, a single market-clearing interest rate is determined, ensuring fairness and transparency. Everyone in the auction receives or pays the same rate regardless of their loan size, which levels the playing field for both institutional and retail participants.
Term is backed by a robust lineup of investors, including Electric Capital, Coinbase Ventures, Maelstrom, and Robot Ventures, as well as prominent angels like Fernando Martinelli (Balancer) and DeFi Dad. The platform places a high priority on security, with audits from Sigma Prime, Certora, Runtime Verification, and a DeFi Safety score of 93%.
An internal human error during an update to the tETH oracle, specifically a decimal precision mismatch between components of the oracle, caused the oracle to produce incorrect price data for the tETH asset within the protocol. Because the protocol relies on accurate pricing for liquidations, this error led to unintended liquidations of users’ positions amounting to about 918 ETH.
The root cause of the @term_labs incident is the inconsistent price decimals of tETH in the newly updated tETH price oracle.
According to Term Finance, this was not a smart contract vulnerability or hack. The contracts themselves were secure and functioning as intended. The issue was procedural: a flaw in the operational execution of updating the oracle, not a flaw in the underlying code or the tETH asset infrastructure.
During the window when the faulty price feed was active, an anonymous liquidator executed liquidations according to on-chain rules, taking advantage of the incorrect pricing.
The technical issue stemmed from a decimal precision mismatch in the tETH oracle update. Specifically, during an internal update to the oracle that provides price data for the tETH asset, one or more components of the oracle system failed to correctly handle or align the decimal places used to represent the asset’s price.
Oracles often represent prices with fixed decimal precision to maintain accuracy (for example, prices might be expressed with 8 or 18 decimal places). In this case, a parameter related to decimal scaling—such as the number of decimals expected or used to convert raw price data into human-readable values—was either not updated or inconsistently updated across different parts of the oracle infrastructure.
As a result, the oracle began outputting prices that were either scaled incorrectly (too large or too small) relative to the actual market value of tETH. This led to the protocol interpreting the asset’s price inaccurately, which in turn triggered unintended liquidations because collateral valuations became artificially distorted.
The total losses were 918 ETH.
Term Finance’s initial reaction to the issue was swift and responsible. Upon discovering the decimal mismatch error in the tETH oracle update that caused incorrect pricing and unintended liquidations, they immediately took containment measures to limit further impact. They reached out to the anonymous liquidator who executed the liquidations to negotiate the return of affected assets. Although the liquidator initially declined voluntary remediation, ongoing communication led to the recovery of about 556 ETH out of the total approximately 918 ETH lost.
Term Finance also promptly accepted full responsibility for the incident, publicly acknowledged the operational error, and committed to fully reimbursing all affected users. They emphasized that the protocol itself and user wallets were uncompromised, and that no broader systemic risks existed.
Alongside these immediate responses, Term Finance began outlining a clear reimbursement plan and announced a series of operational and governance improvements to prevent similar incidents in the future. This included introducing third-party validations, enhancing governance transparency, strengthening internal review processes, and reassigning critical review responsibilities — demonstrating a commitment not just to recovery but to long-term operational integrity.
Term Finance successfully contained the issue and took full responsibility for the operational error that caused the incorrect tETH pricing and subsequent unintended liquidations. They recovered a significant portion of the affected assets—about 556 ETH—which reduced the net loss to approximately 362 ETH (around $650,000).
They also announced that all affected users (18 in total) will be fully reimbursed for their losses, with borrowers retaining their loan proceeds and compensated for any shortfalls, and lenders able to redeem as usual at maturity. Importantly, the incident did not compromise user wallets or pose any systemic risk to the protocol or broader ETH markets.
Term Finance was able to contain the damage and negotiate to recover 556 ETH. It is unknown if any bounty was paid in that process.
Beyond remediation, Term Finance committed to strengthening its operational and governance processes. This includes implementing mandatory third-party validation for critical oracle updates, enhancing governance transparency through public proposals, reinforcing operational checklists and escalation protocols, and reassigning review responsibilities to ensure rigorous independent validations.
Term Finance is actively working to complete the full reimbursement process for all affected users. They have secured funding to ensure that borrowers are compensated for any losses beyond their loan proceeds, and lenders can redeem their holdings as usual at maturity. The estimated timeline for completing reimbursements is around April 30, 2025, and Term Finance plans to provide ongoing updates until the process is finalized.
Term Finance is also continuing communications with the anonymous liquidator who executed the unintended liquidations during the period of incorrect pricing. Although the liquidator initially declined voluntary remediation, discussions remain open, and the platform hopes to recover additional assets beyond the approximately 556 ETH that have already been returned.
In parallel, Term Finance is in the process of implementing significant operational and governance improvements to prevent similar incidents in the future. This includes onboarding a third-party auditor to validate all critical oracle updates and protocol parameter changes, reinforcing internal checklists, formalizing escalation protocols, and increasing governance transparency through public proposal mechanisms. These efforts aim to create multiple layers of oversight and external validation for sensitive system operations.
Finally, Term Finance is encouraging greater community involvement by making governance processes more transparent and accessible. They have reassigned second-party review responsibilities to individuals with demonstrated operational rigor to ensure that all critical protocol changes undergo thorough independent review. These ongoing initiatives reflect Term Finance’s commitment to operational discipline, security, and rebuilding user trust over the long term.
Term Finance, a decentralized lending platform offering fixed-rate crypto loans via on-chain auctions, experienced an incident caused by an internal human error during an update to the tETH price oracle. Specifically, a decimal precision mismatch between components of the oracle led to incorrect tETH pricing, which triggered unintended liquidations totaling approximately 918 ETH. The issue was procedural—not a smart contract vulnerability—and no external manipulation occurred. Term Finance responded swiftly by containing the impact, negotiating with the liquidator to recover about 556 ETH, and committing to fully reimburse all 18 affected users. They also outlined plans for operational and governance improvements, including mandatory third-party validations, enhanced transparency, and strengthened review processes, to prevent future incidents and rebuild trust.
TenArmor - "Our system has detected 2 suspicious transactions involving @term_labs on #ETH, resulting in an approximately loss of $1.5M. It appears that something is wrong with the liquidation. Someone spent a very small amount of ETH to liquidate over 586 Treehouse collateral." - Twitter/X (Aug 1)
First Attack Transaction - Etherscan (Aug 1)
Second Attack Transaction - Etherscan (Aug 1)
Postmortem: Term tETH Oracle Decimal Inconsistency Incident - Term Labs (Aug 1)
Term Finance Homepage (Aug 1)
Term Labs Twitter/X Account (Aug 1)
https://x.com/TenArmorAlert/status/1916176568654958748 (Aug 5)
