Moonwell Exploit: AI-Coded $1.78M Oracle Flaw

A governance failure at the Moonwell DeFi lending protocol enabled exploiters to extract approximately $1.78 million in bad debt this week. Attackers exploited a severe mispricing of Coinbase Wrapped Staked ETH (cbETH) after a faulty oracle reported its value at $1.12 instead of $2,200.

The team said the error stemmed from a Sunday governance action that misconfigured the cbETH price feed. Consequently, liquidation bots and opportunistic borrowers quickly capitalized on the pricing discrepancy for profit.

Security auditor Pashov publicly flagged that the pull requests for the affected contracts showed multiple commits co-authored by AI. He later cautioned, however, against treating the flaw as uniquely AI-driven, stating it was a mistake even a senior developer could make.

The real issue, according to Pashov, was insufficient rigorous checks and end-to-end validation. He argued the mispricing could have been caught with a proper integration test that interacted with the blockchain. Meanwhile, the protocol noted it had commissioned an audit from Halborn and conducted unit tests, which failed to prevent the incident.

Fraser Edwards, CEO of cheqd, told Cointelegraph that AI-assisted development requires strict governance. He argued all AI-generated smart contract code should be treated as untrusted input within a disciplined engineering process.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• Three Intelligent Workflows to Automate Security & IT Tasks
• California Sets July 2026 Crypto License Deadline
• US Bitcoin ETFs See $105M Outflows as Trading Slows
• India’s US and EU Trade Deals Mark Global Turning Point
• Hyperscaler Deals Keep AI Data Center Story Intact: Roth