Caught
CAPTURED
CASE TH-0051
Oracle Manipulation
The Oracle
Real identity
JANE DOE #0051 — IDENTIFIED
Bent the price feed, borrowed the world, vanished the diff.
Last seen
In custody — assets restrained
Active since
2022
Victims
5.6K
Hunters on case
Case closed
THREAT 3/5
Modus operandi
Targeted lending protocols that relied on a single, thin-liquidity price oracle. Used flash loans to distort the spot price, borrowed massively against the inflated collateral, and walked away with the difference — repeatedly, until protocols hardened their feeds.
Scheme
Flash-loan oracle attacks
Evidence collected
1. Identical flash-loan attack signature across 4 protocols.
2. Profits consolidated then partially parked on a KYC venue.
3. Court-ordered freeze restrained $28M of proceeds.
4. Identified via a reused contract-deployer pattern.
Crime timeline
- 2023: First exploit (−$21,000,000). Thin oracle manipulated via flash loan.
- 2023: Repeat hits (−$18,000,000). Same playbook on 3 more protocols.
- 2024-02: Asset freeze (+$28,000,000 recovered). Court order restrains $28M.
- 2024-03: CAPTURED. Surrendered under DPA negotiation.
Tracked wallets
0x0rac1…50051
Ethereum, Arbitrum
Known aliases
- @the_oracle
- @pricefeed_pro
#exploit #flash loan #captured #recovered