Key Highlights
- Moonwell lost $1.78M after an oracle glitch mispriced cbETH, showing even small DeFi errors can cost millions.
- AI-written code by Claude Opus 4.6 contributed to the bug, highlighting the need for human review in DeFi development.
- Liquidators seized cbETH unfairly, sparking governance proposals for borrowing caps and stronger oracle checks.
DeFi lending protocol Moonwell suffered a major $1.78 million loss after an oracle configuration error mispriced cbETH. The incident, traced to a low-level mistake in the price feed formula, caused cbETH’s value to register at $1.12 instead of roughly $2,200.
Blockchain auditor pashov posted on X that the problematic code was co-written by Claude Opus 4.6, an AI coding model. Moonwell’s risk manager, anthiasxyz, acted quickly to cut back borrowing and supply by lowering caps, but liquidations were already in progress.
The problem appeared on February 15, 2026, shortly after MIP-X43 activated Chainlink OEV wrapper contracts on Base and Optimism. Instead of computing the cbETH price in USD by multiplying the cbETH/ETH exchange rate by ETH/USD, the oracle used only the cbETH/ETH exchange rate, so the raw ratio was reported as if it were a dollar price.
As a result, liquidators could seize a substantial amount of cbETH while repaying only a fraction of the borrowed amount. Some borrowers lost almost all of their collateral, while others exploited the incorrect pricing to borrow more than they should have, increasing the protocol's bad debt. Moonwell estimates the total loss at $1.78 million, primarily attributable to cbETH, WETH, and USDC.
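The pricing formula described above, next to the ratio-only mistake and a plausibility guard that would reject it, as an added example (a Python fixed-point model, not Moonwell's contract code). The function names, feed decimals, the 0.5x to 2x band and the sample feed values are assumptions constructed to match the article's $1.12 and roughly $2,200 figures.

```python
# Added illustration: fixed-point model of a two-feed composite price and a
# plausibility guard. All names, decimals and feed values are assumptions.

USD_DECIMALS = 8     # assumed decimals of the ETH/USD feed and of the output
RATIO_DECIMALS = 18  # assumed decimals of the cbETH/ETH exchange-rate feed

# Constructed sample answers, chosen to reproduce the article's figures.
RATIO = 1_120_000_000_000_000_000   # 1.12 cbETH/ETH
ETH_USD = 196_428_000_000           # $1,964.28


def composite_usd_price(ratio: int, eth_usd: int) -> int:
    """Intended formula: cbETH/USD = cbETH/ETH * ETH/USD (USD_DECIMALS out)."""
    if ratio <= 0 or eth_usd <= 0:
        raise ValueError("feed returned a non-positive answer")
    return ratio * eth_usd // 10**RATIO_DECIMALS


def ratio_only_price(ratio: int) -> int:
    """The mistake as described: the exchange rate alone, rescaled to
    USD_DECIMALS and reported as if it were a dollar price."""
    return ratio // 10**(RATIO_DECIMALS - USD_DECIMALS)


def plausible(price_usd: int, eth_usd: int,
              lo_bps: int = 5_000, hi_bps: int = 20_000) -> bool:
    """A staked-ETH token should price within [0.5x, 2x] of ETH/USD.
    The band is an assumed policy value, expressed in basis points."""
    return eth_usd * lo_bps <= price_usd * 10_000 <= eth_usd * hi_bps


def checked_price(price_usd: int, eth_usd: int) -> int:
    """Return the price only if it passes the guard; otherwise fail closed."""
    if not plausible(price_usd, eth_usd):
        raise ValueError(f"implausible cbETH/USD answer: {price_usd}")
    return price_usd


if __name__ == "__main__":
    good = composite_usd_price(RATIO, ETH_USD)
    print("composite :", checked_price(good, ETH_USD) / 10**USD_DECIMALS)
    bad = ratio_only_price(RATIO)
    try:
        checked_price(bad, ETH_USD)
    except ValueError as exc:
        print("rejected  :", exc)
```

Failing closed on an implausible answer (pausing borrows and liquidations for that market) trades availability for safety, which is the trade-off the cap and oracle-check proposals below are aimed at.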
AI coding under scrutiny
The Moonwell loss has raised concerns about using AI in DeFi coding. Pashov said, “Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss.” While AI contributed to the mistake, humans were reviewing the code, and Moonwell confirmed that oversight was part of the process.
SlowMist Founder Cos described it as a “very low-level” bug, emphasizing the importance of oracle setup being spot on. This could be the first major hack to involve “vibe-coded” Solidity written using AI, which is becoming increasingly prevalent in the DeFi space.
Community response and governance
The Moonwell community forum has been abuzz with activity since the incident. UserNate explained that he lost 2.6 cbETH and some leveraged positions, but emphasized that the issue was with the protocol bug and not with market fluctuations.
Stevex proposed establishing a borrowing cap per wallet to prevent the pool from being depleted in the event of future mistakes. Luke proposed determining liquidation fees to assist with planning for compensating users.
Moonwell confirmed on X that other markets on Base or Optimism were unaffected. The team said that a governance proposal is expected to fix oracle mistakes after the mandatory five-day timelock.
In the meantime, liquidations are still happening, and users need to track their net losses carefully. Moonwell also had a price misreporting incident in November, but the team clarified that the then $1 million incident wasn’t a hack but a misreported price, highlighting the ongoing importance of strong oracle checks.
The Moonwell glitch shows how fragile DeFi platforms can be when their price feeds are wrong. Even small mistakes can cost millions. Using AI to write code adds convenience, but humans still need to double-check everything. Platforms should have stronger safety checks and clear rules to protect users’ money.
