Singularity_Fi lost $413K after an invalid Uniswap V3 fee tier silently broke its oracle. A $464K JUDAO drain hit BNB Chain the same week.
On January 19, a Singularity_Fi protocol admin registered six yield-token oracle routes using a Uniswap V3 fee tier of 42. Uniswap V3 only supports four valid fee tiers: 100, 500, 3000, and 10000.
According to DefimonAlerts on X, every call to factory.getPool() using that invalid tier returned address(0). The direct price path broke silently. No alarm. No revert.
The dynBaseUSDCv3 vault on Base kept running. It just had no idea what its assets were worth.
The Vault Thought It Had $100. It Had More.
WETH fallback pools existed but carried zero liquidity. So VaultTokensLib.totalAssets() counted only the roughly $100 in idle USDC sitting in the vault. Everything else, the actual yield tokens, read as nothing.
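A toy Python model of the failure described above, added here as an illustration and not taken from Singularity_Fi or Uniswap code: a registration-time check that rejects a route which cannot resolve to a live pool, next to a silent and a fail-closed version of the asset valuation. The class and function names, token symbols, pool labels and balances are constructed assumptions.

```python
# Added illustration: a toy model, not Singularity_Fi or Uniswap code.
ZERO = "0x" + "00" * 20
VALID_FEE_TIERS = {100, 500, 3000, 10000}  # the four tiers named in the article


class RouteError(Exception):
    """Raised when an oracle route cannot produce a price."""


class ToyFactory:
    """Hypothetical stand-in for a V3-style factory: unknown keys yield ZERO."""

    def __init__(self, pools):
        self.pools = pools  # {(token, quote, fee): (pool_address, liquidity)}

    def get_pool(self, token, quote, fee):
        return self.pools.get((token, quote, fee), (ZERO, 0))


def validate_route(factory, token, quote, fee):
    """Registration-time check: reject a route with no live pool behind it."""
    if fee not in VALID_FEE_TIERS:
        raise RouteError(f"fee tier {fee} is not a supported tier")
    pool, liquidity = factory.get_pool(token, quote, fee)
    if pool == ZERO:
        raise RouteError(f"no pool for {token}/{quote} at fee {fee}")
    if liquidity == 0:
        raise RouteError(f"pool {pool} has zero liquidity")
    return pool


def total_assets_silent(balances, prices):
    """Failure mode from the article: unpriced tokens contribute nothing."""
    return sum(amt * prices.get(tok, 0) for tok, amt in balances.items())


def total_assets_fail_closed(balances, prices):
    """Refuse to value the vault while any held token lacks a price."""
    missing = sorted(t for t, a in balances.items() if a > 0 and t not in prices)
    if missing:
        raise RouteError(f"unpriced holdings: {missing}")
    return sum(amt * prices[tok] for tok, amt in balances.items())


# Constructed sample data (not on-chain values).
FACTORY = ToyFactory({("yTOKEN", "USDC", 500): ("0xPOOL", 10**9),
                      ("yTOKEN", "WETH", 3000): ("0xWETHPOOL", 0)})
BALANCES = {"USDC": 100, "yTOKEN": 400_000}
PRICES = {"USDC": 1}  # the yTOKEN route never resolved, so it has no price
```

With the sample data, the silent valuation reports only the idle USDC, while the fail-closed version raises until every held token has a price.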
Three months passed.
The attacker flash-loaned 100,000 USDC from Morpho. Deposited into the vault. Minted close to 99.99% of total supply at that broken ratio. The mint went through without issue, because the oracle said the vault was nearly empty.
Then came the redemption. Tokens redeemed proportionally against every actual token balance, completely independent of the oracle. The underlying yield tokens went with it. Per DefimonAlerts, total damage landed at approximately $413,000. The transaction is visible on Basescan. The original fee configuration transaction is also on-chain, timestamped January.
Singularity_Fi confirmed the incident in a Telegram post. A full post-mortem is expected, per the protocol’s own announcement.
This is part of a worsening pattern. April 2026 crypto losses have already crossed $620 million, with oracle misconfigurations among the recurring attack types.
BNB Chain Did Not Wait Its Turn
Two days later, a different protocol. A different chain. A similar outcome.
DefimonAlerts flagged a second incident on X on April 28. JUDAO, a token trading on PancakeSwap with a reported TVL of $22.3 million, lost approximately $464,000 in a deflationary LP drain.
The JUDAO contract contains a custom _update() transfer function. Two mechanisms fire on every sell. First, an “isBurnPair” check burns or redistributes JUDAO equal to the sell size directly from the pair’s reserves when the price has not risen more than 5% from the previous day. Second, a sync() mining mechanism drains roughly 2% of the pair’s JUDAO reserves to a dead address and mining rewards on each sell.
The attacker flash-loaned around 2.3 million USDT from Moolah. Bought approximately 5.5 million JUDAO. Sold a portion. Both drain mechanisms triggered simultaneously.
The pair’s reserves skewed. Remaining JUDAO swapped back for significantly more USDT than originally spent. Profit came out to roughly $205,000 USDT plus 36 BNB. At current prices, that BNB portion adds another $22,600 or so. The transaction is recorded on BSCScan.
The JUDAO token is not listed on CoinGecko. Market cap remains unknown.
The Config Was the Exploit
Neither attack used a novel technique. No bridge, no governance manipulation, nothing exotic. A typo in a fee tier. A tokenomics design that punishes its own liquidity pool.
The Moonwell case on Base earlier this year followed a similar path: an oracle formula error that went undetected until a $1.78 million loss made it visible. Configurations break quietly. Exploits announce themselves.
The Singularity_Fi oracle contract address is publicly viewable. The victim vault sits at a separate address on Base. The JUDAO LP pair address on BNB Chain is also on-chain.
DefimonAlerts noted the Singularity_Fi report is preliminary. A formal post-mortem from the protocol is still pending.


