Moonwell, the DeFi lending protocol operating on Base and Optimism, has denied reports of a new $1 million exploit, stating that the incident stemmed from a misreported oracle price rather than an active hack.
Earlier today, several blockchain security firms flagged what appeared to be another attack on Moonwell’s oracle systems, its fourth major security event in three years. CertiK and QuillAudits initially reported that a faulty data feed had allowed an attacker to borrow funds by exploiting inflated prices for wrapped restaked ETH (wrsETH), prompting fears of another large-scale DeFi breach.
However, Moonwell later issued an official statement clarifying the situation. “We are currently investigating a misreported price for wrsETH,” the team said on X. “The risk manager for the wrsETH Core Market on Base and OP Mainnet has significantly reduced the supply and borrow caps in these markets.”
DeFi developer Luke Youngblood, commenting on X, reinforced the clarification: “It’s important to note there was no exploit or hack on Moonwell. This was a mispricing of wrsETH.”
The issue appears to have originated from an oracle error that temporarily distorted price data for wrsETH, causing automated systems to register abnormal valuations. By freezing affected pools and reducing borrowing limits to near zero, Moonwell effectively prevented further market manipulation.
The timing of the incident added to market anxiety, coming less than 24 hours after the $116 million Balancer exploit. Both events highlight how deeply DeFi platforms depend on accurate oracle feeds and automated market functions that can fail catastrophically when data becomes unreliable.
Moonwell said it is working “with leading security researchers” to find the cause and will publish a full report. The team maintains that no funds were lost, though parts of the DeFi community dispute that claim.
According to independent researcher @SpecterAnalyst, the same address had previously exploited Moonwell on October 10, stealing 269 ETH (roughly $1 million). Specter claims the attacker returned during this latest incident and siphoned an additional 295 ETH (~$1.1 million), bringing the total loss to over $2 million.
If confirmed, this would contradict Moonwell’s statement that no funds were taken, raising questions about whether the initial issue was fully resolved.
The incident highlights a familiar DeFi tension: public reassurances versus on-chain reality. Researchers warn that until Moonwell’s full audit is released, users should remain cautious.
Even without confirmed losses, oracle errors like this reveal how fragile automated systems remain. As restaking assets like wrsETH spread, one bad data point can ripple across networks in seconds.
Moonwell’s affected markets stay paused as developers verify prices and reset risk limits. Whether glitch or exploit, the case shows how DeFi failures often begin as quiet data mistakes before turning costly.
