Moonwell was exploited for about $1.78 million after a governance proposal misconfigured a price oracle, causing Coinbase Wrapped Staked ETH to be valued at roughly $1.12 instead of about $2,200.
The decentralised lending protocol, deployed on Base and Optimism, said the error stemmed from using only the cbETH/ETH exchange rate in the oracle, allowing liquidation bots and opportunistic borrowers to exploit the mispricing and leave bad debt.
In a post-mortem, Moonwell said the misconfiguration followed execution of a governance proposal, while security auditor Pashov linked the issue to pull requests showing multiple commits co-authored by Anthropic’s Claude Opus 4.6.
Pashov said the developer had used Claude to help write the Solidity code, adding that “the developer was using Claude to write the code, and this has led to the vulnerability,” though he later cautioned that even senior developers could have made a similar mistake.
He argued the flaw “could have been caught with an integration test, a proper one, integrating with the blockchain,” noting that Moonwell said it had conducted unit and integration tests and commissioned an audit from Halborn.
While the $1.78 million loss is modest compared to major DeFi exploits such as the $600 million Ronin bridge hack in 2022, the incident has intensified debate around AI-assisted smart contract development and governance oversight.
Fraser Edwards, chief executive of cheqd, said AI-generated code can be useful at the minimal viable product stage but “should not be treated as a shortcut to production-ready infrastructure,” stressing that AI outputs must be subject to strict peer review, testing and governance controls.
At the time of reporting, Moonwell price was $0.004248.