$3 440 000 USD

OCTOBER 2025

GLOBAL

TYPUS FINANCE

DESCRIPTION OF EVENTS

Typus Finance is a decentralized derivatives protocol built on the Sui Blockchain, offering advanced trading solutions for options and perpetual contracts. By integrating key features like Dutch auction pricing, strategy vaults, and liquidity solutions, Typus aims to provide a more efficient, transparent, and accessible trading environment for both retail and institutional users. The platform seeks to democratize access to financial tools traditionally reserved for mature markets, improving capital efficiency and flexibility for traders.

 

The protocol innovatively combines options and perpetual contracts, bridging the gap between separate markets in decentralized finance (DeFi). This integration provides users with enhanced capital efficiency, as they can leverage profits from options trades as collateral for perpetual futures, optimizing risk management and returns. Typus's Dutch auction mechanism ensures liquidity and optimal price discovery, even for less active assets, while the perpetual futures offering allows traders to maintain exposure without settlement dates.

 

Built on the advanced Sui blockchain, Typus Finance benefits from low latency, parallel transaction processing, and cost-effectiveness, fostering a seamless trading experience. The platform's open, composable architecture encourages integration with other Sui-based DeFi protocols, promoting innovation and collaboration within the ecosystem. Typus aims to become the leading derivatives hub on the Sui Network, continuously expanding its offerings and enhancing security to meet the growing demand for decentralized financial instruments.

 

A flaw in the Typus Finance smart contract stemmed from a missing assert check in the `update_v2` function of the oracle module. With the assertion absent, the authorization check was never enforced, so any address could manipulate oracle prices, which opened the door for the exploit. In addition, the oracle module, deployed in November 2024, was not included in the scope of the May 2025 audit by MoveBit. An on-chain monitoring system was not configured to detect this specific type of exploit in real time, delaying detection of and response to the attack.

On October 15, 2025, Typus Finance suffered a significant breach when an attacker exploited a critical vulnerability in its oracle module to drain funds from the TLP contract. The root cause was a combination of a technical flaw in the code and process-related oversights. Specifically, the issue stemmed from a missing assert check in the `update_v2` function, which allowed unauthorized updates to oracle prices, enabling the attacker to manipulate the system.

The technical vulnerability was a missing authorization check in the oracle module, which bypassed security measures and let any address update critical pricing data. This flaw in the `update_v2` function gave the attacker the ability to alter the oracle prices and drain funds from the contract. The oversight went undetected due to gaps in the system’s security checks.

Two process-related factors worsened the situation. First, the vulnerable oracle module, deployed in November 2024, was not covered by the May 2025 audit by MoveBit. Second, the on-chain monitoring service was not configured to detect this specific type of exploit in real time, delaying the identification and response to the attack. These oversights compounded the severity of the exploit, leading to significant financial loss.
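An added example (not code from Typus or from the post-incident report) of the kind of monitoring rule the second factor refers to: it replays calls to `update_v2` and alerts when the sender is not an authorized updater or the written price jumps sharply. The event fields, addresses, prices and the 10% threshold are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed allowlist of addresses permitted to push prices (constructed value).
AUTHORIZED_UPDATERS = {"0xa11ce"}
MAX_DEVIATION = 0.10  # assumed threshold: flag moves larger than 10% per update


@dataclass
class OracleCall:
    tx: str        # transaction digest (constructed)
    sender: str    # address that signed the transaction
    function: str  # function invoked on the oracle module
    token: str
    price: float   # price written by the call


def check_oracle_calls(calls, last_price):
    """Return (tx, reason) alerts for oracle price updates that need review."""
    alerts = []
    prices = dict(last_price)
    for c in calls:
        if c.function != "update_v2":
            continue
        # The check the contract lacked, enforced off-chain as a detection rule.
        if c.sender not in AUTHORIZED_UPDATERS:
            alerts.append((c.tx, "unauthorized_sender"))
        # Independent signal: a large jump is suspicious whoever sent it.
        prev = prices.get(c.token)
        if prev and abs(c.price - prev) / prev > MAX_DEVIATION:
            alerts.append((c.tx, "price_deviation"))
        prices[c.token] = c.price  # the write succeeded on-chain, so track it
    return alerts


# Constructed sample: a routine update, an update from an unknown address,
# then the authorized updater restoring the price (also a large move).
SAMPLE_CALLS = [
    OracleCall("tx1", "0xa11ce", "update_v2", "SUI", 2.52),
    OracleCall("tx2", "0xbad", "update_v2", "SUI", 0.01),
    OracleCall("tx3", "0xa11ce", "update_v2", "SUI", 2.50),
]

if __name__ == "__main__":
    for tx, reason in check_oracle_calls(SAMPLE_CALLS, {"SUI": 2.50}):
        print(tx, reason)
```

The sender rule fires on the first unauthorized write, before any price impact has to be measured, which is why it is kept separate from the deviation rule.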

 

According to the post-incident analysis report, the stolen assets include 588,357.9 SUI, 1,604,034.7 USDC, 0.6 xBTC, and 32.227 suiETH, with an estimated total value of approximately USD 3.44 million.

 

Upon detection of the exploit, Typus Finance took swift action to mitigate further damage. Within 15 minutes, all protocol smart contracts were paused to prevent additional funds from being drained. It was confirmed that user funds in personal wallets, as well as those in the SAFU and DeFi Options Vaults, were not affected. Additionally, collateral for open positions remained secure, as it is kept separate from the TLP contract.

 

The Typus team immediately engaged with several security partners, including the Sui Foundation, Mysten Labs, MoveBit, SlowMist, and Hypernative, to assist in investigating the breach and tracing the stolen funds. This collaboration is focused on identifying the flow of funds and ensuring a comprehensive response to the incident.

 

Efforts to trace the exploited funds are actively underway as Typus Finance works with security partners to track the stolen assets. In parallel, the team is focused on redeveloping and redeploying a more secure set of smart contracts to replace the compromised version, ensuring that future vulnerabilities are addressed. These new contracts will incorporate enhanced security features to prevent similar exploits from occurring.

 

In addition to technical responses, the Typus team is formulating a plan to address the financial losses incurred by TLP liquidity providers. Once a clear recovery strategy is finalized, a formal announcement will be made. Moving forward, Typus Finance is committed to resolving the issue, improving its security measures, and providing transparent updates to the community as the situation evolves.

 


To address the vulnerability and prevent future incidents, Typus Finance plans to redeploy a new set of more secure smart contracts. These will replace the current, compromised version and incorporate enhanced security measures to prevent similar attacks.

On October 15, 2025, Typus Finance experienced a breach due to a vulnerability in its oracle module, where a missing authorization check in the `update_v2` function allowed an attacker to manipulate oracle prices and drain funds from the TLP contract. This issue was compounded by the module’s exclusion from a May 2025 audit and insufficient detection capabilities in the on-chain monitoring system. In response, Typus quickly paused all smart contracts, confirmed user funds in personal wallets and secure vaults were unaffected, and engaged security partners to trace the stolen assets. The team is now redeveloping more secure contracts and formulating a recovery plan for TLP liquidity providers, with ongoing updates to the community on the resolution efforts.


© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.