A golden eyeball on a pedestal
Illustration: Christopher T. Fong/Protocol

Crypto oracles are a hidden vulnerability

Protocol Fintech

Good morning, and welcome to Protocol Fintech. This Monday: the oracles of crypto, “buy now, pay later” debt, and Singapore’s fintech bash.

Off the chain

Apple’s a notoriously opaque company, and its size now lets it hide the strength of the businesses it’s incubating. Its leaders dropped precious few hints in their most recent quarterly call with analysts. Payment services set a revenue record (how much?); Apple is looking forward to rolling out a high-yield savings account (when?). Despite the hype, Apple’s financial-services push is more of a question mark than an exclamation point. It will remain that way until we get some real figures.

— Owen Thomas (email | twitter)

Oracles of risk

Data oracles, the automated feeds that provide crucial price data to smart contracts and enable trading on blockchains, are drawing increased scrutiny over their roles in recent hacks and the vulnerabilities the industry’s reliance on them creates. They’re also attracting more investment from VCs and larger crypto players who see an opportunity amid these fears.

The crucial role oracles play in crypto came to light after two hacks this month: a $114 million hack of Solana trading service Mango Markets and a smaller attack on Moola Market, both involving oracle price manipulation.

  • Oracles bring off-chain data to blockchains so they can function. Blockchains can’t execute or record trades without the market prices provided by oracles. They’re a critical piece of infrastructure, in other words, though it’s rare for anyone besides smart contract developers to pay attention to their value or dig into their vulnerabilities.
  • Many DeFi protocols rely on Chainlink, an open-source technology, to provide prices. Founded in 2017, Chainlink uses a network of interlinked oracles to provide 60% to 90% of market data across all of DeFi, according to Sergey Nazarov, co-founder of Chainlink Labs. This year it has helped process more than $6.4 trillion in transactions, he said.
  • Chainlink started on Ethereum but is now on more than 15 blockchains. It’s also looking to extend its approach to other fields like insurance and blockchain gaming.

There’s a growing interest in alternative oracles. That’s despite — or perhaps because of — Chainlink’s ubiquity.

  • Binance launched a native oracle service last week for its BNB Smart Chain. (Chainlink and other oracle providers still run on the BNB chain.)
  • API3 and Flux argue they are more decentralized than Chainlink. While Chainlink’s oracles are spread out among various nodes, their selection is still controlled by Chainlink, said Dave Connor, co-founder and business development lead at API3, which is trying to address this by managing its oracles with a DAO.
  • Nazarov said ChainLink feeds are “decentralized at the data source, oracle node, and oracle network levels,” which means they have “strong protections against downtime and tampering.”

This debate between efficiency and decentralization is common in crypto. “The reality is, over time, everything gets more centralized,” said Boris Wertz, who invests in crypto at Version One Ventures, citing bitcoin mining and ether staking as examples.

  • Some insiders say having one major provider or a small number of providers undergirding the industry presents a risk for a new industry like crypto. “I think that that’s why there’s a lot of venture money that’s going after alternatives,” said Shawn Douglass, CEO of Amberdata, which provides data to oracle networks.
  • There’s always a “good news, bad news” debate when one big player in a category does well, Wertz said. “Obviously, that player is most likely stronger in terms of security and scale than others. At the same time, if it gets manipulated, then lots of people will get affected.”
  • Nazarov said Chainlink’s size isn’t a risk, because it’s open-source and can be customized to be as secure as developers want it to be.

People disagree on how responsible oracles were for the Mango Markets attack and other incidents. But even if an oracle is correct, the way it is used can present “very significant risk,” said Austin Campbell, head of portfolio management at crypto infrastructure firm Paxos. These kinds of debates are likely to continue. As institutional players get deeper into crypto and regulators dig in, critical pieces of infrastructure like oracles are certain to get more scrutiny. Oracles may know things that aren’t on the blockchain. But their ultimate test may come in knowing themselves.

— Tomio Geron (email | twitter)

Clarification, Nov. 3: This story has been updated to clarify a point about the BNB Smart Chain.

A version of this story first appeared on Protocol.com.
Read it here.


The news is out! Join the Financial Technology Association’s inaugural Fintech Summit: Shaping the Future of Finance, produced in partnership with Protocol. Taking place in Washington, D.C., on November 16th, the Summit will examine the most pressing issues in fintech.

Learn more and reserve your spot here.

On the money

Credit card debt is back at prepandemic levels. Total card balances in the U.S. reached $916 billion in September, back to December 2019 levels after balances fell sharply during the early months of the pandemic.

Hong Kong issued a new policy statement on crypto. Seeking to bolster its fading status as a global financial hub, the autonomous region’s government said Monday it would seek “risk-based guardrails” in regulating virtual assets.

Sen. Elizabeth Warren wants stricter Zelle regulations. The senator sent a letter to the Consumer Financial Protection Bureau urging rules that root out fraud on the payments platform.

“Buy now, pay later” is pushing Gen Z into debt.Pay-later offers have enticed young consumers with little credit history, who saw it as an alternative to credit cards for the TikTok generation.

Binance is working on blockchain applications for Twitter. The crypto exchange backed Elon Musk's Twitter buyout with $500 million. Now that the deal’s gone through, it’s a coinvestor with Musk.


SEC Commissioner Hester “I’m Not Your Crypto Mom” Peirce advises caution when it comes to NFTs. “I think the SEC has provided very little clarity,” she told Decrypt. “There’s a lot of ambiguity. And in situations where there is this much ambiguity, I think people really need to be very careful. This is not the ideal state.”

Coming up

NFT San Francisco takes place Monday at the SF Jazz Center.Panels delve into NFTs and music, film, gaming, and consulting.

Global Payments reports earnings Monday. Zacks’ consensus EPS forecast is $2.38 versus $2 for the same quarter last year.

The LA Blockchain Summit runs Tuesday through Thursday. Speakers include SkyBridge Capital’s Anthony Scaramucci and Miss Teen Crypto Randi Hipper.

Paycom and SoFi report earnings Tuesday. The Zacks consensus for PAYC is EPS of $0.81 versus $0.52 last year. SOFI’s consensus is -$0.10 versus -$0.05 a year ago.

Robinhood, Zillow, and eBay announce earnings Wednesday. Zacks’ figures for HOOD are much improved, forecasting a quarterly loss of -$0.33 versus -$2.06 last year. ZG’s forecast is also turning around at -$0.28 versus -$1.22 last year. The analysts’ forecast for EBAY is unchanged from a year ago at $0.74.

The Singapore Fintech Festival runs Wednesday through Friday. Speakers include Vitalik Buterin and Melinda French Gates.

PayPal, Block, Coinbase, and Bill announce earnings Thursday. PYPL’s quarterly EPS forecast is $0.70 versus $0.90 a year ago. Analysts predict SQ will swing to a -$0.15 loss from earnings per share of $0.05 last year. And COIN’s forecast is a big swing down to $-2.23 from $1.62 a year ago. BILL’s loss is forecast at -$0.50, down slightly from -$0.47 a year ago. The company also lost the “.com” from its name recently.

Don’t miss our Protocol Enterprise event “AI and Chips: What the Future Holds for the U.S. and China,” on Thursday, Nov. 3 at 10:30 a.m. PDT/1:30 p.m. EDT. Protocol senior reporter Kate Kaye will moderate two panels on cross-border AI tech and the AI “values competition.” Save your spot now.


At the #FTAFintechSummit, we’re gathering the most important players in fintech, from founders to policy experts, regulators, and industry leaders. You’ll get access to discussions on the fintech transformations driving competition, breaking down barriers to financial services, and shaping the future of finance.

RSVP today.

Thanks for reading — see you tomorrow!

Recent Issues