On April 26, 2025, an update to our tETH oracle introduced an internal inconsistency in decimal handling, leading to incorrect pricing of the tETH asset within the protocol. This incorrect pricing triggered unintended liquidations, resulting in approximately 918 ETH in affected liquidations. There were no broader systemic risks to the protocol.
The failure was the result of internal human error during a sensitive system update. This incident reflects not a weakness in code or smart contracts, but a failure of operational execution and judgment.
Through immediate containment and negotiation efforts, Term recovered approximately 556 ETH, reducing the final protocol loss to 362 ETH (~$650,000). All affected users will be fully reimbursed, and protocol operations remain stable.
We accept full responsibility for the incident.
This postmortem outlines what happened, the immediate recovery actions, and the deeper operational and governance upgrades already underway to strengthen Term moving forward.
During an internal update to the tETH oracle, a mismatch in decimal precision between oracle components was introduced. This inconsistency caused incorrect price outputs for tETH.
The error was purely internal and procedural. No smart contracts were exploited, no external actors manipulated the oracle, and there were no errors or issues with the underlying tETH asset or Treehouse’s issuance infrastructure.
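The sketch below is an added example, not Term's code. It shows how a decimal-precision mismatch between two oracle components distorts the composed price, and a pre-deployment check that flags it. The two-feed layout, the sample feed values, the function names and the 5% threshold are all assumptions constructed for the example.

```python
from decimal import Decimal

# Constructed sample feeds as (answer, decimals); not real tETH data.
RATE = (1_050_000_000_000_000_000, 18)  # hypothetical tETH/ETH rate, 18 decimals
BASE = (180_000_000_000, 8)             # hypothetical ETH/USD price, 8 decimals

def scaled(answer: int, decimals: int) -> Decimal:
    """Convert a fixed-point feed answer to its real value."""
    return Decimal(answer).scaleb(-decimals)

def compose(rate: tuple, base: tuple, out_decimals: int) -> int:
    """Multiply two feeds, normalising each by the decimals it declares."""
    return int((scaled(*rate) * scaled(*base)).scaleb(out_decimals))

def compose_assuming(rate: tuple, base: tuple, assumed: int, out_decimals: int) -> int:
    """Faulty variant: ignores declared decimals and assumes one shared scale."""
    value = scaled(rate[0], assumed) * scaled(base[0], assumed)
    return int(value.scaleb(out_decimals))

def check_update(candidate: int, last_good: int,
                 max_dev: Decimal = Decimal("0.05")) -> list:
    """Pre-deployment gate: compare a candidate output with the last good price."""
    if candidate <= 0:
        return ["non-positive price"]
    findings = []
    ratio = Decimal(candidate) / Decimal(last_good)
    if abs(ratio - 1) > max_dev:
        findings.append(f"deviation {ratio - 1:+.2%} exceeds {max_dev:.0%}")
        # A ratio close to a power of ten is the signature of a scaling error.
        exp = ratio.log10().to_integral_value()
        if exp != 0 and abs(ratio / Decimal(10) ** exp - 1) <= max_dev:
            findings.append(f"ratio ~ 10^{int(exp)}: likely decimals mismatch")
    return findings

if __name__ == "__main__":
    good = compose(RATE, BASE, 8)
    bad = compose_assuming(RATE, BASE, 8, 8)
    print("correct:", good, check_update(good, good))
    print("faulty: ", bad, check_update(bad, good))
```

Running the same gate against a second, independent price source rather than only the last live value also covers the case where the previous output was already wrong.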
An anonymous liquidator executed liquidations during the window when the incorrect tETH price was live, operating according to the on-chain rules.
We contacted the liquidator after the event. While they initially declined voluntary remediation, as of this writing, the liquidator has returned approximately half of the affected assets and communications are ongoing to potentially recoup more.
Regardless, Term accepts full responsibility for ensuring the integrity of its systems and will fully reimburse impacted users.
We have secured full funding to reimburse all users affected by the tETH liquidation event.
Reimbursement will occur as follows:
Because this incident arose from an operational execution error — not a code or smart contract vulnerability — our remediation focuses on strengthening internal validation, governance transparency, and risk management disciplines to reinforce Term’s operational integrity.
Following the tETH oracle incident, Term has implemented the following key operational upgrades:
Term is introducing mandatory third-party validation for all critical oracle updates and protocol parameter changes.
We are in the process of onboarding an external auditor to perform this role, which will be phased in over the coming weeks.
Until full onboarding is complete, all critical changes require heightened internal review, with elevated scrutiny and operational procedure around multi-party approvals.
This creates a permanent external check on critical system operations, ensuring trust is based not just on internal discipline but enforceable independent review.
Term’s commitment to governance-driven transparency was already underway prior to this incident, with material actions and critical system changes automatically posted through governance channels (https://www.tally.xyz/gov/term).
While the governance infrastructure was already operational, it had not yet been formally introduced to the community.
This system allows users and TERM holders to receive timely updates whenever new governance proposals — including sensitive protocol changes — are submitted for review and veto.
We encourage all stakeholders to monitor this page directly or subscribe to updates to stay informed of material system developments.
A more detailed blog post explaining Term’s governance structure, proposal processes, and how users can participate will be published shortly.
Term has long maintained a formal checklist review for onboarding new oracles, including:
Following this incident, we have extended and formalized these protections to cover not just new deployments, but also any updates or patches to existing oracles.
Escalation of ambiguous or risk-sensitive system changes to senior engineering leadership has always been a core expectation at Term.
Following this incident, we have reinforced and formalized escalation triggers to ensure that judgment moments are actively recognized and acted upon prior to deployment.
Proactive critical thinking and operational discipline have always been core expectations at Term. Following this incident, we have reinforced these standards by reassigning second-party review responsibilities to align with precision operating requirements.
Only individuals demonstrating full caution, operational rigor, and critical awareness will conduct independent validations and approve sensitive protocol changes.
This adjustment ensures that second-party reviews — which are critical to system safety — are treated with the same seriousness as primary development itself.
Beyond checklist compliance, proactive critical review, immediate escalation where necessary, and operational rigor are now explicitly embedded across all sensitive workflows.
While external validation provides an important backstop, daily operational responsibility remains fully internalized.
This reassignment directly addresses the operational gap that allowed the decimal mismatch error to occur during the oracle update process.
We deeply regret the impact this event had on our users and community. Trust is foundational in DeFi — and trust cannot be requested; it must be rebuilt through consistent, verifiable action.
We are committed to full transparency, operational hardening, and the introduction of enforceable external validation to ensure that Term operates at the level users deserve. We know that rebuilding trust will take time, and we are committed to that work without shortcuts.
Thank you to all users, partners, and community members who continue to support us through this process.