Moonwell recorded $1.78 million in bad debt after an oracle misconfiguration mispriced Coinbase Wrapped ETH (cbETH). The incident exposes persistent fragility in decentralized finance (DeFi) price feeds, where minor configuration errors can cascade into automated liquidations within minutes.
The Feb. 15 event followed execution of governance proposal MIP-X43, which enabled Chainlink OEV wrapper contracts across Moonwell’s core markets on Base and Optimism. According to a post-mortem published on Moonwell’s governance forum, one oracle configuration derived cbETH’s USD value using only the cbETH/ETH ratio, omitting the ETH/USD price feed. cbETH was therefore reported near $1.12 instead of roughly $2,200.
AnthiasLabs
How Did A Single Oracle Feed Create $1.78M In Losses?
Liquidation bots immediately targeted cbETH-backed positions once the faulty price propagated onchain. Because the protocol believed cbETH was worth just over $1, liquidators could repay minimal debt to seize outsized collateral. In total, 1,096.317 cbETH was liquidated, leaving $1,779,044.83 in bad debt across multiple assets, according to Moonwell.
Moonwell said internal monitoring detected the discrepancy within minutes and reduced supply and borrow caps on the affected cbETH Core Market on Base to 0.01 to halt further exposure. Yet correcting the oracle required a governance vote and timelock, allowing liquidations to continue until a formal patch could be executed. A new proposal has been introduced to address the configuration error.
The episode also drew scrutiny because the related pull request shows commits co-authored by Claude Opus 4.6, an artificial intelligence model. Smart contract auditor “pashov” noted on X that the vulnerable code was written with AI assistance, while SlowMist founder Cos said the issue reflected a low-level pricing formula error rather than a novel exploit. Mikko Ohtamaa, co-founder of Trading Protocol, added that proper integration tests and price sanity checks should have caught the mistake regardless of authorship.
🚨Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss
— pashov (@pashov) February 17, 2026
cbETH asset's price was set to $1.12 instead of ~$2,200. The PRs of the project show commits were co-authored by Claude - Is this the first hack of vibe-coded Solidity code? pic.twitter.com/4p78ZZvd67
Moonwell has faced similar oracle disruptions before. In October 2025, a Chainlink pricing discrepancy involving AERO, VIRTUAL, and MORPHO led to more than $12 million in liquidations and $1.7 million in bad debt, while a November wrsETH malfunction added roughly $3.7 million in losses. The next catalyst is the governance vote to finalize the oracle correction and assess whether additional safeguards will be introduced across its Base and Optimism markets.
Moonwell's history of exploits:
— YAM 🌱 (@yieldsandmore) February 17, 2026
10.10.2025:
Chainlink’s oracle feeds priced AERO, VIRTUAL, and MORPHO lower compared to the DEX pool prices on Base. An attacker repeatedly flashloaned USDC/cbBTC, borrowed underpriced assets from Moonwell at 85-88% LTV, sold them on a DEX for… https://t.co/WRUJ8ttSTY
