With Millions Lost to Oracle Exploits, Diffuse Advances a Verifiable Foundation for On-Chain Decision Making

Over the past few weeks, DeFi protocols have been hit with a string of high-profile exploits — not due to poor trading strategies, but because of failures in the very infrastructure meant to enforce trust and automation.

Less than a week ago, KiloEx, a decentralized perpetuals exchange, was exploited for $7.4 million in a cross-chain attack. While the full postmortem is still pending, the exploit reflects a growing pattern of vulnerabilities in protocols that rely on external data and bridging infrastructure. Like many oracle-driven systems, KiloEx’s failure highlights the risks of trusting intermediaries for on-chain execution.

Just weeks earlier, Polymarket, a decentralized prediction market, suffered a $7 million governance attack . Its oracle, UMA, was manipulated by a whale to twist the outcome of a prediction to their favor. Polymarket had asked whether Ukraine would strike a mineral deal with the US before April. Though the deal had not officially happened, the oracle resolved the bet as “Yes” when the whale became a top-5 staker and swayed the decision.

At the core of both incidents was a fundamental issue: the reliance on centralized or semi-trusted intermediaries like oracles , bridges, and relayers to power supposedly trustless systems. Oracles are designed to connect smart contracts with the outside world — fetching off-chain data, such as prices, events, or outcomes, and feeding them into blockchain environments. But when manipulated or misconfigured, these systems can serve as a single point of failure, causing contracts to misfire or settle based on inaccurate information.

Though significant, oracles are not the only single points of failure. Bridges and relayers, whose functions somewhat overlap with those of oracles, are also major culprits. Bridges facilitate cross-chain transfers and handle large amounts of assets, thus they are key targets of crypto bad actors.

Oracles, bridges, and relayers were never designed to be targets; however, being centralized entities make them extremely vulnerable. According to an analysis conducted by Diffuse , a zkServerless protocol that enables trustless interoperability for Web3, these vulnerabilities are responsible for most crypto exploits. Flawed oracles accounted for 49% of losses due to price manipulation attacks in 2023. Diffuse, however, is not just pointing out flaws but introducing a way to eliminate intermediaries while providing verifiable data whose origin, accuracy, and relevance can be independently confirmed on-chain.

Diffuse’s Infrastructure for Verifiable Data and Cross-Chain Confidence

The Diffuse protocol addresses DeFi’s data trust issues by rethinking how off-chain data is brought on-chain. Instead of patching up the weaknesses of vulnerable intermediaries, it retrieves verifiable data directly from public APIs. Built on the core principles of privacy, verifiable data, trustless interoperability, and permissionless access, Diffuse leverages a novel stack — zkServerless and zkTLS — to ensure that the data entering smart contracts is both valid and tamper-proof.

What zkServerless Does

According to Diffuse Protocol Docs , zkServerless uses “a verifiable TEE enclave to perform trustless requests to REST APIs. The response is then managed by a zkVM fetching the required JSON data. It also wraps the enclave verification into a ZK proof for cheaper on-chain verification.”

In simpler terms, zkServerless allows developers to define human-readable instructions tied to real-world events, ensuring those events trigger the intended smart contracts without needing a centralized intermediary. It acts as a secure bridge between Web2 and Web3 by pulling data from public sources, verifying it inside a TEE, and packaging the results into zero-knowledge proofs that are verifiable on-chain.

This enables off-chain information from platforms like Binance, Coinbase, CoinMarketCap, or Dune to be transformed into cryptographically provable, self-authenticating data streams that decentralized applications can rely on.

Diffusing Beyond Data Integrity: The Introduction and Economic Utility of Diffuse Collateral

Beyond solving data integrity challenges, Diffuse is also enabling new utility for idle or locked assets through its product, Diffuse Collateral. This system allows users to lock BTC, ETH, stablecoins, and derivatives across L1 and L2 networks and contribute them to shared security and restaking protocols such as Symbiotic, with support for EigenLayer expected in the near future.

The concept of Collateral Abstraction aims to bring greater flexibility and profitability to assets that are already locked in AMMs and lending protocols . While these assets typically support liquidity or lending, their potential to generate additional yield often goes untapped. Collateral Abstraction unlocks this value, allowing users to earn an extra 2–5% in rewards without increasing their exposure or taking on new risk.

This distinction matters. Diffuse doesn’t issue or distribute rewards itself—instead, it delivers the infrastructure that makes these systems work. In a DeFi landscape plagued by oracle failures and unverifiable data, Diffuse provides the cryptographic foundation that ensures cross-chain reward systems are not only functional, but provable.

The Road Ahead: Building for the Next Evolution of DeFi

The liquidation losses that have plagued DeFi in recent times signal that the ecosystem needs to scale in complexity and efficiency. To do this, its infrastructure must provide verifiable data, guarantee trustless interoperability, and enable economic efficiency. These are the gaps that Diffuse has stepped in to fill.

Diffuse is not just another oracle, bridge, or relayer, but a robust infrastructure where data is self-verified, execution is guaranteed, and economic utility flows across multiple chains.

It may not promise to prevent every failure, but it provides a solid way forward, a way for smart contracts to act only based on factual data, a way for assets to move across ecosystems safely, and, finally, a way for trust to be built into the fabric of DeFi infrastructure.