Moonwell’s $1.78M Oopsie: AI Can’t Even!

by

Key Highlights

  • Moonwell lost $1.78M because a glitch thought cbETH was worth less than a fancy coffee. DeFi: where small errors cost more than your first mortgage.
  • Claude Opus 4.6, the AI that can’t handle basic math, wrote the code. Spoiler: humans still need to proofread.
  • Liquidators went wild, seizing cbETH like it was a Black Friday sale. Governance now wants to cap borrowing-because nothing says “safety” like a bureaucratic slowdown.

Moonwell, the DeFi protocol with a talent for turning “innovation” into “oh no,” just lost $1.78 million. How? An oracle glitch decided cbETH was priced at $1.12 instead of $2,200. Imagine paying $1 for a Tesla. Or, worse, a DeFi asset.

Blockchain auditor pashov dropped the truth bomb on X: the code was co-authored by Claude Opus 4.6, an AI that clearly needs a refresher in basic arithmetic. Moonwell’s risk manager, anthiasxyz, scrambled to lower borrowing caps, but by then, liquidators were already partying like it was 2023.

🚨Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss

cbETH asset’s price was set to $1.12 instead of ~$2,200. The PRs of the project show commits were co-authored by Claude – Is this the first hack of vibe-coded Solidity code?

– pashov (@pashov) February 17, 2026

The chaos began on February 15, 2026, after MIP-X43 activated Chainlink OEV wrapper contracts. Instead of multiplying cbETH/ETH by ETH/USD to get the real price, the oracle skipped a step and just called cbETH/ETH. Classic. This let liquidators grab cbETH while repaying a fraction of what they owed. Borrowers lost everything; others leveraged the glitch to borrow more, creating a financial equivalent of a toddler with a credit card.

AI Coding: The New “I’ll Do It Myself” Disaster

Pashov’s verdict? “Claude Opus 4.6 wrote vulnerable code…” Cue the eye-rolls. While AI technically caused the mess, Moonwell claims humans reviewed the code. Presumably, they nodded and said, “Looks good!” before disaster struck. SlowMist’s Cos called it a “very low-level” bug, which in hacker speak means “you forgot to add 2+2.” Oracle setup? Spot on. Or spot off, apparently.

This might be the first major hack involving “vibe-coded” Solidity. Because nothing says professionalism like letting an AI write your code and then winging the review.

Community Reacts: “Not My Fault, It’s the Protocol!”

The Moonwell forum exploded. UserNate lost 2.6 cbETH and some leveraged bets but blamed the protocol-not the market. Fair. Stevex suggested borrowing caps per wallet, because nothing says “prevention” like limiting how much people can borrow. Luke proposed liquidation fees to fund user compensation. Because why not turn losses into a revenue stream?

Moonwell’s X update claimed no other markets were affected. The team plans to fix oracle errors post five-day timelock. Meanwhile, liquidations continue, and users are advised to track their losses. Moonwell also had a $1M “misreported price” incident in November. DeFi: where mistakes are just… routine.

Update on yesterday’s cbETH Core Market issue:

No other markets on Base or OP Mainnet were affected. The issue is isolated to the cbETH Core Market on Base.

Once identified, our risk manager @anthiasxyz moved quickly to reduce the cbETH borrow cap to 0.01 to contain further…

– Moonwell (@MoonwellDeFi) February 16, 2026

In conclusion, Moonwell’s glitch proves DeFi is a game of high stakes and lower IQs. Even minor oracle errors can cost millions. AI might write code, but it still needs a human to double-check. Platforms, take note: stronger safety checks and clearer rules are less “hack” and more “common sense.” Until then, enjoy the chaos-and maybe invest in therapy.

Read More

2026-02-18 09:10