Crypto platforms Bitget and Term Finance are working to stabilize operations after facing unrelated incidents that caused significant losses. Bitget is pursuing legal action against eight accounts allegedly responsible for manipulating the market of a low-volume token, while Term Finance has managed to recover a substantial portion of user funds following an oracle misconfiguration that led to faulty liquidations.
Bitget Pursues Legal Action After Suspected $20 Million VOXEL Market Manipulation
On April 20, Bitget’s VOXEL market — which supports the native token of Polygon-based RPG game Voxie Tactics — experienced an unusual explosion in trading volume and price activity. The token’s price sharply increased, gaining more than fivefold compared to its levels just two days earlier. The sudden spike quickly triggered alarms inside Bitget, leading the exchange to suspend trading in the token and initiate a rollback of trades that occurred during the window of suspected manipulation.
At the time, Bitget issued a statement noting the occurrence of "abnormal trading activity" without providing full details. The investigation has since advanced, with Bitget identifying eight accounts suspected of being linked to what the exchange described as a "professional arbitrage" operation.
In a post on X, Bitget’s Head of Asia, Xie Jiayin, confirmed that the company will send legal letters to the accused parties — a move typically seen as a precursor to full-scale legal proceedings.
“All funds that are recovered will be returned to platform users 100 percent, via an airdrop,” Xie added, according to a translated version of the post. “We will release a full incident report on the VOXEL matter as soon as possible to present the complete facts.”
The $20 million VOXEL manipulation incident adds to a string of recent security and trading breaches plaguing the broader crypto sector. Just weeks prior, decentralized finance (DeFi) protocol Loopscale, operating on Solana, suffered a $5.8 million exploit only two weeks after its launch. Additionally, Infini, a stablecoin neobank, reported a $49 million loss following a sophisticated breach of its systems.
Bitget’s Reputation and Response Strategy
Bitget has generally positioned itself as a relatively proactive exchange when it comes to security measures, and its fast-moving response to the VOXEL incident may help limit reputational damage. Rolling back trades is a controversial move in crypto trading, but it is often seen as a necessary intervention when market fairness is at risk.
Legal action also signals Bitget’s intent to deter future attempts at market manipulation by demonstrating a willingness to pursue bad actors across jurisdictions. However, enforcement in such cases is notoriously complex, particularly when potential perpetrators operate across international borders and use pseudonymous accounts.
While Bitget has pledged to release a full post-mortem report, several critical questions remain unanswered. Chief among them are:
What loopholes or vulnerabilities allowed the abnormal trading to happen?
Was it an issue of low liquidity, poor market surveillance, or deeper systemic risk?
Were any internal or third-party systems compromised?
What new safeguards will be introduced to prevent similar incidents in the future?
The answers to these questions will likely determine whether Bitget can reinforce confidence among its users — or whether this will spark further scrutiny over the platform's risk management protocols.
As the crypto industry continues to mature, exchanges are facing growing expectations to adopt security and compliance standards comparable to those of traditional financial institutions.
Moreover, the speed with which a small group of coordinated traders can allegedly move markets and extract massive profits shows the continuing need for better monitoring, automated alerts, and rapid incident response strategies across the industry.
Term Finance Recovers $1 Million After Oracle Bug Causes $1.6 Million Loss in Treehouse Market
Meanwhile, in a detailed update posted to X, the Term Finance team explained that 223.197 ETH (roughly $400,000) was captured internally, while another 333 ETH (approximately $600,000) was successfully recovered through negotiations with affected parties. The remaining loss stands at 362.03 ETH, a significant improvement from the initial impact of 918 ETH.
“Of the original loss: 223.197 ETH was captured internally, 333 ETH was successfully negotiated for return," Term stated. "The total outstanding loss is now 362.03 ETH — significantly reduced from the original 918 ETH impact."
An Oracle Misconfiguration, Not a Hack
While the crypto community initially raised alarms over another potential DeFi security breach, Term Finance was quick to clarify that the issue stemmed from an internal bug, not a malicious attack.
The team attributed the losses to an error involving an updated Ethereum (ETH) price oracle, which incorrectly fed data to the platform's liquidation engine and triggered widespread liquidations of collateralized positions.
"This was not a hack. No smart contracts were exploited, and user funds were not directly targeted," Term Finance emphasized in its statement.
Despite the reassurances, Term has not yet provided full transparency regarding the negotiation process that led to the recovery of a portion of the lost funds. It remains unclear whether these negotiations involved settlements, incentives, or pressure from the community and industry partners.
The Difficulty of Recovering Crypto Funds
Recoveries following hacks and bugs vary dramatically in the crypto space. Even when attackers are identified or vulnerabilities are patched, retrieving stolen or lost funds remains a major challenge due to the decentralized and often anonymous nature of blockchain transactions.
Ben Zhou, CEO of crypto exchange Bybit, recently highlighted this difficulty. Following a massive $1.4 billion exploit against Bybit in February — the industry’s largest attack to date — Zhou said only a fraction of the stolen assets had been recovered. Nearly 28% of the missing funds had "gone dark," becoming untraceable after being moved across blockchain mixers, peer-to-peer networks, and over-the-counter markets. Meanwhile, just 3.84% of Bybit’s lost assets had been frozen.
Term Finance’s relative success in recovering more than $1 million offers a rare optimistic example, though it also serves as a reminder of the vulnerabilities even top DeFi protocols can face.
As DeFi platforms continue to innovate at breakneck speed, incidents like the Treehouse oracle bug underscore the critical need for rigorous testing, third-party audits, and real-time monitoring tools for core infrastructure components such as price oracles.
Term Finance has yet to outline any specific measures it will take to prevent similar incidents in the future. However, it is widely expected that the platform — and others across the DeFi sector — will re-evaluate their integration and upgrade processes for external data feeds and liquidation protocols.
In the meantime, users across the crypto ecosystem are once again reminded of the inherent risks of interacting with decentralized platforms. Despite the vision of decentralized finance offering greater transparency and fairness, vulnerabilities — whether technical bugs or security exploits — continue to threaten user funds in a rapidly evolving market.
