Share
Within hours of Chainlink posting a sweeping list of institutional connections spanning SWIFT, J.P. Morgan, Euroclear, UBS, and S&P Global, Ethereum co-founder Vitalik Buterin weighed in on a separate thread with three words: “do oracles too.” What followed was a pointed warning about the state of oracle infrastructure that landed squarely in Chainlink’s territory, even if his remarks were not addressed to the company directly.
Swift ⇄ Chainlink ⇄ Ethereum ⇄ Chainlink ⇄ Euroclear ⇄ Chainlink ⇄ Canton ⇄ Chainlink ⇄ J.P. Morgan ⇄ Chainlink ⇄ Solana ⇄ Chainlink ⇄ Euroclear ⇄ Chainlink ⇄ Hyperliquid ⇄ Chainlink ⇄ UBS ⇄ Chainlink ⇄ Base ⇄ Chainlink ⇄ S&P Global ⇄ Chainlink ⇄ TRON ⇄… pic.twitter.com/RpM08d667u
— Chainlink (@chainlink) May 24, 2026
Buterin’s reply came in the context of a broader conversation about Ethereum’s maturity and readiness for institutional adoption. His message was blunt. He described himself as “fully serious” when stating that ensuring oracle resilience and decentralization is more important than progressing from stage one to stage two on Ethereum’s roadmap. For a community that has spent years debating rollup milestones and upgrade sequencing, that is a significant reordering of priorities.
Buterin said there were “lots of skeletons in the closet” in the oracle space, implying known, unaddressed risks sitting beneath the surface of an infrastructure layer that the entire decentralized finance (DeFi) ecosystem depends on. When listing priority areas previously, Buterin had already highlighted oracle security and decentralization, warning the ecosystem needs to point sustained attention at the problem, describing the accumulation of unresolved risks as significant.
Oracles serve as the link between blockchain networks and real-world information. In prediction markets and DeFi protocols, they determine what actually happened and which side of a trade prevails. Even when the trading layer of a protocol operates in a fully decentralized manner, the entire system becomes unreliable if the oracle malfunctions, is compromised, or is manipulated.
This is not a new concern for Buterin. In January 2026, he outlined three problems with decentralized stablecoins, placing oracle design that is not capturable with a large pool of money as the second of three core issues requiring resolution, alongside index construction and staking yield dynamics.
Chainlink’s post catalogued its middleware position across an expanding list of traditional finance and blockchain infrastructure partners. The company has spent the past two years aggressively positioning itself as the connective tissue between legacy financial systems and onchain networks, with integrations spanning major global custodians, exchanges, and data providers. Its Smart Value Recapture product has returned over $18 million in recaptured maximum extractable value (MEV) to DeFi protocols. Its Cross-Chain Interoperability Protocol is being piloted by institutional players, including SWIFT, for tokenized asset settlement.
The gap Buterin is pointing at sits between that commercial expansion and the underlying security architecture. The larger and more systemic Chainlink’s role becomes, the more consequential any failure or compromise of its oracle network would be. An oracle provider embedded in SWIFT settlement flows, institutional custody infrastructure, and DeFi liquidation systems simultaneously represents a concentration of critical dependency that warrants the level of scrutiny Buterin is calling for.
His position does not reject innovation in the oracle space. It underscores the need to reinforce core infrastructure as the sector grows. The specific upgrade he has advocated for is private voting among oracle attesters, a mechanism that would make it harder for a well-capitalized actor to predict how individual nodes will vote and coordinate an attack around that knowledge.
The StablR exploit, 24 hours earlier, added concrete weight to the abstract concern. That attack did not touch Chainlink’s infrastructure, but it demonstrated how governance and key management failures at the issuer layer can destroy a regulated stablecoin in minutes. The same logic applies to oracle networks operating at an institutional scale: The risk is not always in the smart contract; sometimes, it is in who controls the keys and how authority is distributed among the people running the system.
Buterin’s intervention is a public signal that the Ethereum ecosystem’s most prominent voice does not consider oracle security a solved problem, regardless of how many institutional logos appear on a partner slide.
Share
preferred on
