Education

Learn Pyth

Interactive guides explaining how Pyth's oracle network works — with live data examples pulled directly from the feeds.

5 min read

How Pyth's Pull Oracle Works

Why Pyth is different from push-based oracles and how the pull model dramatically reduces on-chain costs.

Read guide
7 min read

What Confidence Intervals Really Mean

The ±CI on every Pyth price update — what it measures, how it's computed, and how calibrated it is.

Read guide
5 min read

Verifiable Randomness with Pyth Entropy

How Entropy generates on-chain randomness that nobody — including Pyth — can predict or manipulate.

Read guide
4 min read

Pyth Pro & Benchmarks — Historical Oracle Data

How Pyth Benchmarks powers the volatility dashboard and calibration analysis — and how developers can query the full historical price archive.

Read guide
Live Case StudyFebruary 2026$388,307 stolen

The $388K Oracle Mismatch: @ploutos_money Exploit

A DeFi lending protocol was drained in a single transaction because it used the wrong Chainlink price feed. This is a textbook oracle misconfiguration — and exactly the class of failure Pyth's design prevents.

Attack anatomy
1
Oracle misconfiguration
The protocol configured the BTC/USD Chainlink feed as the price source for USDC collateral — a stablecoin whose value should always be ≈ $1.00.
2
Inflated collateral value
BTC/USD was trading at ~$80,000+. The protocol read this and believed 1 USDC = $80,000 — an 80,000× inflation of its real value.
3
Exploit: 8 USDC → 187 ETH
Attacker deposited 8.879 USDC (~$8.88 real value). Protocol calculated collateral = 8.879 × $80,000 = ~$710,000. They borrowed 187.36 ETH ($388,307) against it and walked away.
4
Net profit: $376,674
After paying $11,632 to a block builder (MEV tip), the attacker kept $376,674. Total attack cost: $8.88 in USDC.
How Pyth's design prevents this

Every Pyth price feed carries a symbol identifier and a confidence interval (CI). A correctly integrated Pyth feed for USDC should query Crypto.USDC/USD — which publishes at ≈ $1.0000 with a CI of ±$0.0003 (0.03% uncertainty).

If you accidentally query Crypto.BTC/USD for USDC pricing, Pyth returns ≈ $80,000 with a CI of ±$400 (0.5% uncertainty). A stablecoin with a ±$400 confidence band is an immediate on-chain red flag — protocols can enforce CI width limits as a circuit breaker.

The CI is a free, built-in sanity check. Any protocol that enforces require(confPct < 0.5%, "Oracle too uncertain") would have rejected the malicious BTC/USD feed for a stablecoin and the exploit would have failed at the smart contract level — automatically, with zero additional code.

Live CI comparison — right now
Correct: USDC/USD
≈ $1.0000
CI: ±$0.0003 · <0.03%
Tight CI → high oracle certainty → safe to use as collateral price
Wrong: BTC/USD for USDC
≈ $84,000
CI: ±$420 · ~0.5%
Wide CI for a stablecoin → immediate red flag → circuit breaker fires
See live CI calibration analysis →Compare USDC/USD vs BTC/USD live →