{"id":"blend","title":"Blend","content":"**Blend** is a decentralized, non-custodial lending and borrowing protocol built on the [Stellar](https://iq.wiki/wiki/stellar) network's Soroban [smart contract](https://iq.wiki/wiki/smart-contract) platform. It functions as a foundational financial primitive that allows users, developers, and other protocols to create their own permissionless and isolated lending markets for any Stellar-based asset. The protocol is designed to operate without reliance on centralized governance or multisigs, emphasizing functional and decentralized infrastructure. At the time of a major exploit in February 2026, it was considered the largest lending marketplace on [Stellar](https://iq.wiki/wiki/stellar). \n\nThe development team Script3 has built applications, such as YieldBlox, on top of the Blend protocol.  [\\[1\\]](#cite-id-JFG5e41CTdwHPkoJ) [\\[2\\]](#cite-id-nC7aAWAtaLcpqdab) \n\n## Overview\n\nBlend's core value proposition is its departure from the traditional shared-pool lending model. Instead, it provides a framework where each lending market, or pool, is a self-contained set of smart contracts. This \"isolated risk\" design ensures that a vulnerability, liquidity crisis, or bad debt event in one pool does not impact the assets or security of any other pool on the protocol. [\\[2\\]](#cite-id-nC7aAWAtaLcpqdab) This permissionless structure empowers anyone to deploy a new lending market and define its specific parameters, including collateral assets, oracle selection, and risk management settings. [\\[3\\]](#cite-id-r0dEbWO66sueapHa)​\n\nThe protocol's history has been marked by significant growth and two major security incidents involving oracle manipulation. These events have highlighted the inherent risks of its flexible and permissionless model, particularly the a reliance on price oracles configured for newly created markets, which can be vulnerable in low-liquidity environments.\n\nThe development team, Script3, has emphasized a philosophy centered on robust, functional infrastructure over complex governance structures. A statement posted on the project's official X (formerly Twitter) profile on October 14, 2025, encapsulates this view: \n\n> \"Lending markets don’t need multisigs, governance forums, or brand decks. They need to work. Blend: permissionless, isolated lending pools. Built on Soroban.\" [\\[2\\]](#cite-id-nC7aAWAtaLcpqdab)\n\n## Technology and Features\n\nBlend's architecture is built on the [Stellar](https://iq.wiki/wiki/stellar) network using the Soroban smart contract platform, enabling a range of features for decentralized lending and borrowing. [\\[2\\]](#cite-id-nC7aAWAtaLcpqdab)​\n\n### Permissionless and Isolated Pools\n\nThe protocol's foundational feature is its support for permissionless pool creation. Unlike protocols with a limited set of whitelisted assets, Blend allows any user or developer to launch an independent lending pool for any Stellar-based asset. [\\[3\\]](#cite-id-r0dEbWO66sueapHa) \n\nEach pool operates in isolation, containing its own unique risk parameters and asset listings. This design is intended to contain risk; if one pool is compromised or accumulates bad debt, the other pools and their assets remain unaffected. [\\[2\\]](#cite-id-nC7aAWAtaLcpqdab)​\n\n### Core Mechanics\n\n* **Lending:** Users can supply assets to a Blend pool to provide liquidity. In return, they receive interest-bearing tokens and earn a yield generated from the interest paid by borrowers.\n* **Borrowing:** Users can deposit approved assets as collateral to borrow other assets from a pool. The maximum borrowable amount is determined by the value of their collateral and the pool's specific Loan-to-Value (LTV) ratio. [\\[3\\]](#cite-id-r0dEbWO66sueapHa)\n\n### Risk Mitigation\n\n* **Backstopping:** Blend incorporates a backstopping mechanism as a layer of risk mitigation. Users, known as backstoppers, can stake assets in a specific pool to serve as a reserve liquidity source. If a pool suffers a shortfall from events like failed liquidations, these backstop funds are used to cover the losses and make lenders whole. Backstoppers are compensated for taking on this risk by earning a portion of the protocol's revenue. [\\[3\\]](#cite-id-r0dEbWO66sueapHa)\n* **Auctions:** When a borrower's position becomes undercollateralized, the protocol triggers an auction to liquidate the collateral. This process involves selling the borrower's collateral on the open market to repay the outstanding debt, which helps maintain the solvency of the lending pool. [\\[3\\]](#cite-id-r0dEbWO66sueapHa)\n\n### Oracles\n\nThe protocol relies on price oracles to ascertain the real-time value of assets used for lending and collateral. A defining feature of Blend is that pool creators are responsible for selecting and configuring the oracle for each asset in their market. While this offers flexibility, it also delegates a critical security responsibility to the pool creator. The system's reliance on oracles, particularly those using a time-weighted average price (TWAP) from on-chain decentralized exchanges (DEXs), proved to be a vulnerability in low-liquidity scenarios. [\\[3\\]](#cite-id-r0dEbWO66sueapHa) [\\[1\\]](#cite-id-JFG5e41CTdwHPkoJ)​\n\n## History and Development\n\nThe official X account for Blend was established in November 2024. [\\[2\\]](#cite-id-nC7aAWAtaLcpqdab) On December 18, 2024, the project announced the integration of Ledger hardware wallet support on its mainnet, a feature developed in collaboration with CreitTech to enhance user security. [\\[2\\]](#cite-id-nC7aAWAtaLcpqdab)​\n\nIn February 2025, the team began promoting a major upcoming protocol update, which was officially announced in an April 17, 2025, video as \"V2\". This upgrade was intended to introduce more advanced features and a more robust architecture. [\\[3\\]](#cite-id-r0dEbWO66sueapHa) [\\[2\\]](#cite-id-nC7aAWAtaLcpqdab)​\n\n## Security Incidents\n\nThe Blend protocol has experienced two major exploits, both stemming from oracle price manipulation in isolated, permissionless pools.\n\n### August 2025 Exploit\n\nOn or around August 12, 2025, Blend was targeted in an attack that resulted in losses of approximately $10 million. The incident was a classic case of oracle manipulation leveraging a low-liquidity asset. [\\[2\\]](#cite-id-nC7aAWAtaLcpqdab)​\n\nThe attacker exploited a price feed that was sourced from a low-liquidity pool on a Stellar-based DEX. By using a flash loan to acquire a large quantity of a thinly traded asset, the attacker was able to artificially inflate its price on the DEX. Blend's oracle read this manipulated price as the asset's legitimate value. The attacker then deposited the low-value asset as collateral at its inflated valuation and proceeded to borrow more valuable assets, such as XLM and [USDC](https://iq.wiki/wiki/usdc), draining the targeted pool. [\\[3\\]](#cite-id-r0dEbWO66sueapHa) [\\[2\\]](#cite-id-nC7aAWAtaLcpqdab) \n\nWhile the exploit led to a total loss of funds in the affected pool, the protocol's isolated risk architecture prevented the contagion from spreading to other markets. [\\[2\\]](#cite-id-nC7aAWAtaLcpqdab)​\n\n### February 2026 Exploit\n\nDuring the weekend of February 21-22, 2026, the protocol experienced a second, more significant oracle manipulation attack, resulting in approximately $10.8 million in losses. [\\[1\\]](#cite-id-JFG5e41CTdwHPkoJ)​\n\n#### Attack Mechanism\n\nThe attack targeted a community-managed USTRY/XLM market hosted on YieldBlox, an application built on Blend. The attacker capitalized on a moment when liquidity for the yield-bearing stablecoin USTRY was temporarily withdrawn from its market. This created a 15-minute window with no trading activity. In a single transaction, the attacker manipulated the market to artificially inflate the price of USTRY from its actual value of around 100.\n\nWith the oracle reporting this inflated price, the attacker used the overvalued USTRY as collateral to borrow and drain approximately 61 million XLM and 1 million [USDC](https://iq.wiki/wiki/usdc) from the pool. The attacker subsequently bridged the stolen [USDC](https://iq.wiki/wiki/usdc) to the [Ethereum](https://iq.wiki/wiki/ethereum) network. \n\n#### Response and Recovery\n\nIn a rapid and coordinated effort, [Stellar](https://iq.wiki/wiki/stellar) network validators successfully froze the addresses holding the stolen XLM, securing around 48 million XLM, or 80% of the illicitly borrowed funds. The YieldBlox Security Council then sent an on-chain message to the attacker's address, offering a 10% white hat bounty for the return of the remaining assets. The offer included a promise of no legal action and assistance in unfreezing the 48 million XLM upon the return of the other funds. [\\[1\\]](#cite-id-JFG5e41CTdwHPkoJ)​\n\nDeveloper team Script3 issued a statement clarifying that the vulnerability was not in Blend's core smart contracts but in the specific oracle configuration of the community-managed pool. The statement read:\n\n> \"This incident was isolated to a single asset in a single community managed pool. No other Blend pools are vulnerable to the same oracle manipulation vector. There are no vulnerabilities in the Blend smart contracts.\" [\\[1\\]](#cite-id-JFG5e41CTdwHPkoJ)\n\n## BLND Token\n\nBlend has a native utility token named BLND. Based on protocol documentation mentioning emissions, the token's primary functions likely include liquidity incentives for lenders and borrowers, governance rights for voting on protocol changes, and staking within features like the backstopping mechanism. [\\[3\\]](#cite-id-r0dEbWO66sueapHa)​","summary":"Blend is a decentralized lending protocol on Stellar's Soroban platform that enables permissionless, isolated pools but has suffered from high-profile oracle exploits.","images":[{"id":"QmXH58qz7GTGS3dWKBw2xGbLj6cmAz7VQekjTFD7SmkCMa","type":"image/jpeg, image/png"}],"categories":[{"id":"defi","title":"defi"}],"tags":[{"id":"Protocols"},{"id":"Organizations"}],"media":[],"metadata":[{"id":"references","value":"[\n  {\n    \"id\": \"JFG5e41CTdwHPkoJ\",\n    \"url\": \"https://www.bankless.com/read/news/lending-market-blend-suffers-10m-exploit\",\n    \"description\": \"Bankless report on Blend protocol on Stellar\",\n    \"timestamp\": 1771954260759\n  },\n  {\n    \"id\": \"nC7aAWAtaLcpqdab\",\n    \"url\": \"https://x.com/blend\\\\_capital\",\n    \"description\": \"Official X profile for Blend on Stellar\",\n    \"timestamp\": 1771954260759\n  },\n  {\n    \"id\": \"r0dEbWO66sueapHa\",\n    \"url\": \"https://docs.blend.capital/\",\n    \"description\": \"Blend protocol documentation\",\n    \"timestamp\": 1771954260759\n  },\n  {\n    \"id\": \"OyvQLesBgiB9ghGH\",\n    \"url\": \"https://blend.capital/\",\n    \"description\": \"Source distinguishing between Base and Stellar Blend protocols\",\n    \"timestamp\": 1771954260759\n  }\n]"},{"id":"website","value":"https://blend.capital/"},{"id":"twitter_profile","value":"https://x.com/blend_capital"},{"id":"github_profile","value":"https://github.com/orgs/blend-capital/repositories"},{"id":"discord_profile","value":"https://discord.com/invite/a6CDBQQcjW"},{"id":"references","value":"https://docs.blend.capital/"},{"id":"bscscan","value":"https://bscscan.com/token/0xda52b818c1348bfee27989e2a0df39224a3e52fa"},{"id":"nansen","value":"https://app.nansen.ai/token-god-mode?chain=bnb&tab=transactions&tokenAddress=0xda52b818c1348bFee27989E2a0DF39224A3E52fA"},{"id":"commit-message","value":"\"Added Blend wiki page and DeFi category\""}],"events":[{"id":"18f6edea-8307-4be5-bbf4-956c08f8f108","date":"2024-11","title":"Blend Protocol Created","type":"CREATED","description":"The official X account for the Blend protocol on the Stellar network was created, marking the project's public inception.","link":"https://x.com/blend_capital","multiDateStart":null,"multiDateEnd":null,"continent":null,"country":null},{"id":"b7d2d813-5669-4405-a92b-420228ca3d98","date":"2025-04","title":"Blend V2 Upgrade Announced","type":"DEFAULT","description":"The Blend team officially announced the V2 upgrade of the protocol, introducing more advanced features and a more robust architecture.","link":null,"multiDateStart":null,"multiDateEnd":null,"continent":null,"country":null},{"id":"2c8b07e9-e5e9-422b-bac7-d4e9550c8c16","date":"2025-08","title":"$10M Oracle Manipulation Exploit","type":"DEFAULT","description":"Blend suffered an oracle manipulation attack targeting pools with low-liquidity oracles, resulting in the loss of approximately $10 million.","link":null,"multiDateStart":null,"multiDateEnd":null,"continent":null,"country":null},{"id":"27cf8c81-c3aa-433d-ba43-4aee1a949816","date":"2026-02","title":"$10.8M Oracle Manipulation Exploit","type":"DEFAULT","description":"A community-managed USTRY/XLM pool was exploited via oracle manipulation, leading to a loss of $10.8 million. Stellar validators froze approximately 80% of the stolen funds.","link":"https://www.bankless.com/read/news/lending-market-blend-suffers-10m-exploit","multiDateStart":null,"multiDateEnd":null,"continent":null,"country":null}],"user":{"id":"0x8af7a19a26d8fbc48defb35aefb15ec8c407f889"},"author":{"id":"0x8af7a19a26d8fbc48defb35aefb15ec8c407f889"},"operator":{"id":"0x212Cb3F4aE6611054637f9f78F18fB628AD258bb"},"language":"en","version":1,"linkedWikis":{"blockchains":["stellar","ethereum"],"founders":[],"speakers":[]}}