The DeFi space has been hit with yet another major security breach, with the Moonwell lending contract being exploited for a whopping $1 million in Ether. The attack, which occurred earlier today, was made possible by a faulty oracle that provided an artificially inflated price feed.
This allowed the attackers to engage in arbitrage and extract funds from the lending pools, highlighting the need for DeFi protocols to prioritize security and ensure the integrity of their oracle feeds. The security breach has sent shockwaves through the crypto space, sparking concerns over the growing number of DeFi hacks and the need for security measures to tackle them.
Moonwell Hack: How the Attackers Manipulated the System
In a recent X post, blockchain security auditor CertiK Alert reported that multiple exploit transactions had been detected on Moonwell’s DeFi lending contract. The exploiter had managed to repeatedly borrow over 20 wstETH with only approximately 0.02 wrstETH flashloaned and deposited. As per reports, the attacker targeted Moonwell’s smart contracts deployed on L2 networks Base and Optimism.

A faulty oracle inflated the price of the token to around $5.8 million, enabling the exploiter to reap a profit of 295 ETH, valued at about $1 million. The failure of the rsETH/ETH price feed to update correctly created a price discrepancy, allowing attackers to exploit the difference between the actual market price and the protocol’s price for arbitrage gains.
The attacker, likely an MEV bot, exploited the oracle manipulation to artificially inflate the collateral value, enabling the address to secure a large flash loan despite having a minimal deposit of 0.02 wrstETH. Due to the faulty oracle, the protocol valued this deposit at over $116,000, allowing the attacker to borrow 20 wstETH and drain Moonwell’s reserves. The CertiK post read,
“We have detected multiple exploit transactions on the Moonwell lending contract. The exploiter was able to repeatedly borrow over 20 wstETH with only ~0.02 wrstETH flashloaned and deposited due to the faulty oracle that returns wrst price of ~5.8M$ and profited 295 ETH (~$1M).”
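The valuation failure described above, next to a feed sanity check, as an added example (not Moonwell's code): the 0.02 deposit and the ~$5.8M price come from the CertiK post, while the thresholds, the collateral factor, the reference price and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_DEVIATION = 0.10      # assumed: reject a feed more than 10% off the reference
MAX_AGE_SECONDS = 3600    # assumed: reject a feed not updated within one hour
COLLATERAL_FACTOR = 0.80  # assumed share of collateral value that can be borrowed


@dataclass
class PriceReport:
    price_usd: float
    updated_at: int  # unix seconds of the feed's last update


class OracleRejected(Exception):
    """Raised when a price report fails a sanity check."""


def checked_price(primary: PriceReport, reference: PriceReport, now: int) -> float:
    """Return the primary price only if it is positive, fresh and near the reference."""
    if primary.price_usd <= 0 or reference.price_usd <= 0:
        raise OracleRejected("non-positive price")
    if now - primary.updated_at > MAX_AGE_SECONDS:
        raise OracleRejected("stale price")
    deviation = abs(primary.price_usd - reference.price_usd) / reference.price_usd
    if deviation > MAX_DEVIATION:
        raise OracleRejected(f"price deviates {deviation:.0%} from reference")
    return primary.price_usd


def naive_borrow_limit(amount: float, primary: PriceReport) -> float:
    """Borrow limit in USD when the feed is trusted blindly."""
    return amount * primary.price_usd * COLLATERAL_FACTOR


def guarded_borrow_limit(amount, primary, reference, now) -> float:
    """Borrow limit in USD after the feed passes checked_price()."""
    return amount * checked_price(primary, reference, now) * COLLATERAL_FACTOR


if __name__ == "__main__":
    now = 1_700_000_000                       # constructed timestamp
    faulty = PriceReport(5_800_000.0, now)    # ~$5.8M price from the CertiK post
    reference = PriceReport(3_400.0, now)     # constructed reference price
    print(naive_borrow_limit(0.02, faulty))   # deposit of ~0.02 from the post
    try:
        guarded_borrow_limit(0.02, faulty, reference, now)
    except OracleRejected as exc:
        print("rejected:", exc)
```

The check depends on the reference price coming from an independent source; a second feed that shares the primary feed's failure mode would pass the same bad value.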
This crypto hack comes on the heels of the recent Berachain Network hack. As recently reported, the Balancer V2 exploit on the Berachain Exchange (BEX) resulted in a loss of more than $110 million.
A History of Security Breaches
Moonwell’s history of significant losses raises concerns about its smart contract security. The platform’s troubles began with a $320,000 flash loan exploit in December 2024, targeting its USDC lending contract. This was followed by a devastating $1.7 million loss on October 10, 2025, when an exploit on its Base contract was triggered during a crypto market crash.
Now, another exploit has resulted in a substantial loss of $1 million. While the latest issue stems from price manipulation rather than a direct code hack, it’s clear that Moonwell’s reliance on external price feeds is a major weakness. On a positive note, the fact that the lending logic remains sound suggests that the problem may be more about shoring up external dependencies than about a fundamental overhaul of the platform’s code.
As of November 4, Moonwell’s assets under management (AUM) stood at over $234 million, having quadrupled since early 2023. However, the DeFi protocol’s TVL had previously peaked at nearly $400 million before experiencing a sharp decline, with AUM dropping from around $350 million in early October to current levels.
Moonwell (WELL) Token Plummets 50%
In response to the Moonwell hack, the WELL token has plummeted significantly, reaching a low of $0.1167. The token is down by 14% in a day, 36% in a week, and 50% in a month. Despite the hack and the subsequent downturn, traders are showing growing interest in WELL, which is reflected in the recent surge in the 24-hour trading volume to $5.92 million, up 56%.

