AI-assisted code mispriced cbETH at $1 instead of $2,200, letting liquidators seize massive collateral for minimal debt.
Human oversight failed: auditors and developers missed the oracle error, highlighting AI coding risks in DeFi.
Moonwell’s loss mirrors Bithumb’s $40B ghost value error, proving small code mistakes can cause huge crypto losses.
A major alarm shook the DeFi world as Moonwell, a decentralized lending protocol on Base and Optimism, suffered a $1.78 million loss due to an AI-linked coding error. The exploit targeted Moonwell’s Coinbase Wrapped Ether (cbETH) Core Market on Base, where a misconfigured oracle mispriced cbETH at roughly $1.12 instead of its real market value near $2,200.
According to the protocol, the error emerged from code partially written by Anthropic’s Claude Opus 4.6 model. Consequently, liquidators exploited the flawed pricing to seize collateral while repaying minimal debt.
Moonwell explained that the problem arose after implementing governance proposal MIP-X43, which integrated Chainlink’s Oracle Extractable Value (OEV) wrapper contracts. Instead of calculating cbETH’s USD price by multiplying the cbETH/ETH exchange rate with the ETH/USD feed, the system treated the cbETH/ETH rate as if it were already in dollars.
Hence, attackers could repay about $1 of debt and extract thousands in cbETH, WETH, USDC, and other assets. Within hours, Moonwell reduced the cbETH borrow cap to 0.01, freezing new borrowing and limiting further damage. However, liquidations already processed left users with severe losses.
Oracle Missteps and Human Oversight
This incident highlights the dangers of insufficient human review in AI-assisted code. Smart contract auditor Pashov emphasized, “behind the AI is a person who checks the finished work, and possibly an auditor.
For this reason, blaming the neural network alone is incorrect, although the incident ‘raises concerns’ about vibe coding.” Additionally, blockchain security firm SlowMist cited “oracle formula vulnerability” as a consequence of flawed human oversight that allowed the faulty code into production.
AI Coding Risks in DeFi
The Moonwell exploit mirrors recent AI-related coding risks in crypto. A study found 69 vulnerabilities across 15 applications using AI coding tools like Cursor, Claude Code, and Codes. Moreover, Anthropic research from December 2025 showed Claude Opus 4.5 could simulate exploits worth $4.6 million independently. These findings reveal that while AI can accelerate development, it can also magnify risk if human oversight remains weak.
Interestingly, Moonwell’s mishap resembles Bithumb’s February 6 error in South Korea, where a wrong-unit assignment during a rewards promotion created over $40 billion in ghost value. Both cases underline how seemingly minor coding mistakes can trigger catastrophic losses in digital finance.
The post Moonwell Loses $1.78M in AI-Linked Oracle Exploit appears on Crypto Front News. Visit our website to read more interesting articles about cryptocurrency, blockchain technology, and digital assets.