Moonwell’s $1.12 error: A pricing malfunction allowed bots to acquire millions in ETH collateral.


A misconfigured Chainlink price oracle on DeFi lender Moonwell temporarily assessed Coinbase Wrapped ETH (cbETH) at approximately $1 instead of around $2,200.

What to know:

  • A misconfigured Chainlink price oracle on lender Moonwell briefly assessed Coinbase Wrapped ETH (cbETH) at around $1 instead of approximately $2,200, resulting in the protocol incurring nearly $1.8 million in bad debt.
  • The mistake, caused by a governance-approved oracle modification that relied solely on the cbETH-to-ETH ratio, permitted liquidation bots to appropriate 1,096.317 cbETH as if it held minimal value and enabled certain users to borrow at low costs against insignificant collateral.
  • Moonwell swiftly reduced supply and borrowing limits but could not promptly rectify the oracle due to the necessity of a governance vote and a five-day timelock, highlighting the significance and vulnerability of price oracles for DeFi applications.

A pricing discrepancy that persisted for mere minutes has left DeFi lender Moonwell with nearly $1.8 million in bad debt following a software malfunction that caused the valuation of Coinbase Wrapped ETH (cbETH) to plummet to $1, rather than around $2,200, on the platform.

The technical failure occurred because a system update led the platform to price cbETH based solely on its ratio to ETH (approximately 1.12), without factoring in the actual USD price of ether.


Consequently, the protocol misinterpreted cbETH as having a value of roughly $1.12, according to an incident summary.

The problem began when a governance proposal activated new Chainlink oracle settings across Moonwell markets on Base and Optimism networks. An oracle serves as a mechanism that retrieves real-time data before it is recorded on a blockchain.
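The failure mode described above, as an added Python example (not Moonwell's or Chainlink's code): it composes an asset price from feed legs, tracks the unit of the result, and runs a pre-activation check on a proposed oracle configuration. The feed values, the 20% deviation bound and all function names are constructed for illustration.

```python
from decimal import Decimal

# Constructed feed answers keyed by (base, quote); magnitudes follow the article.
FEEDS = {
    ("cbETH", "ETH"): Decimal("1.12"),
    ("ETH", "USD"): Decimal("1990"),
}
MAX_DEVIATION = Decimal("0.20")  # hypothetical sanity bound, not a Moonwell parameter


def compose(asset, legs, feeds=FEEDS):
    """Multiply feed legs in order, tracking the unit the result is quoted in."""
    unit, price = asset, Decimal(1)
    for base, quote in legs:
        if base != unit:
            raise ValueError(f"leg {base}/{quote} does not chain from {unit}")
        price *= feeds[(base, quote)]
        unit = quote
    return price, unit


def preflight(asset, legs, current_usd, feeds=FEEDS):
    """Return the problems found in a proposed oracle config (empty list = pass)."""
    try:
        price, unit = compose(asset, legs, feeds)
    except (ValueError, KeyError) as exc:
        return [f"invalid feed chain: {exc}"]
    problems = []
    # Structural check: the final quote unit must be USD.
    if unit != "USD":
        problems.append(f"price is quoted in {unit}, not USD")
    # Numeric check: the new price must be close to the price currently in use.
    deviation = abs(price - current_usd) / current_usd
    if deviation > MAX_DEVIATION:
        problems.append(f"{price} deviates {deviation:.1%} from live {current_usd}")
    return problems


if __name__ == "__main__":
    live = Decimal("2200")  # constructed: cbETH price before the oracle change
    for label, legs in [("ratio only", [("cbETH", "ETH")]),
                        ("ratio x ETH/USD", [("cbETH", "ETH"), ("ETH", "USD")])]:
        print(label, "->", preflight("cbETH", legs, live) or "pass")
```

The ratio-only configuration fails both checks, while the two-leg configuration passes; either check alone would have flagged a roughly $1.12 price for an asset trading near $2,200.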

In lending platforms like Moonwell, users put up assets such as cbETH as collateral and borrow other tokens against them. If the value of the collateral falls below required thresholds, automated liquidation processes are triggered, enabling bots to repay debts and seize collateral at a discount.

When cbETH seemed to drop from over $2,000 to just above $1, liquidation bots acted promptly. Since the protocol perceived the token as nearly valueless, liquidators could repay approximately $1 of debt to obtain one cbETH.

Risk management firm Anthias Labs reported that 1,096.317 cbETH ($2.44 million) was taken, erasing borrower collateral while leaving the protocol with bad debt across multiple markets.

This erroneous pricing also allowed a smaller subset of users to deposit minimal collateral and borrow cbETH at the artificially diminished valuation, exacerbating losses.

Moonwell quickly limited supply and borrowing caps to mitigate the impact. However, addressing the oracle required a governance vote and a five-day timelock, hindering an immediate resolution.

This incident serves as a recent reminder that price oracles are essential infrastructure and represent a significant point of vulnerability for DeFi applications. When they malfunction, the contracts execute as programmed, but the financial repercussions affect the balance sheet.

Additionally, security auditor Krum Pashov pointed out that GitHub commits related to the proposal were co-authored by Claude Opus 4.6, an AI coding assistant, sparking discussions about whether automated “vibe coding” played a role in the flawed oracle logic.