- Moonwell, a DeFi protocol, lost roughly $1.78 million due to a misconfigured price oracle for cbETH.
- A governance proposal set the wrong exchange rate, causing the oracle to report cbETH at about $1.12 instead of its actual value near $2,200.
- Multiple commits in the vulnerable code were co-authored by Anthropic’s Claude Opus 4.6, spotlighting risks in AI-assisted development.
- The incident highlights the critical need for rigorous validation, even for code that has undergone audits and testing.
A governance failure at the Moonwell DeFi lending protocol enabled exploiters to extract approximately $1.78 million in bad debt this week. Attackers exploited a severe mispricing of Coinbase Wrapped Staked ETH (cbETH) after a faulty oracle reported its value at $1.12 instead of $2,200.
The team said the error stemmed from a Sunday governance action that misconfigured the cbETH price feed. Consequently, liquidation bots and opportunistic borrowers quickly capitalized on the pricing discrepancy for profit.
Security auditor Pashov publicly flagged that the pull requests for the affected contracts showed multiple commits co-authored by AI. He later cautioned, however, against treating the flaw as uniquely AI-driven, stating it was a mistake even a senior developer could make.
The real issue, according to Pashov, was insufficient rigorous checks and end-to-end validation. He argued the mispricing could have been caught with a proper integration test that interacted with the blockchain. Meanwhile, the protocol noted it had commissioned an audit from Halborn and conducted unit tests, which failed to prevent the incident.
Fraser Edwards, CEO of cheqd, told Cointelegraph that AI-assisted development requires strict governance. He argued all AI-generated smart contract code should be treated as untrusted input within a disciplined engineering process.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
