區塊先生 🐡 ⚠️ (rock #58)|Feb 18, 2026 06:49
"Tag it ️
@MoonwellDeFi lending protocol faced a major incident, resulting in approximately $1.78 million in bad debt. Shockingly, the critical code behind this vulnerability was co-written with the help of @AnthropicAI Claude Opus 4.6!
Core of the incident: The oracle price for cbETH was mistakenly set to around $1.12 (actual market price was about $2,200), essentially giving attackers a 99.9% super discount. Exploiters (mostly automated bots) liquidated large amounts of cbETH collateral at an extremely low cost—paying off debts of just $1 to seize assets worth thousands of dollars. In total, around 1,096 cbETH were liquidated, leaving behind massive bad debt.
The issue stemmed from governance proposal MIP-X43, which activated the Chainlink OEV wrapper. The oracle calculation formula missed multiplying by the ETH/USD price and only used the cbETH/ETH ratio, leading to severe underestimation. GitHub commits show the problematic logic was co-authored by human developers and Claude, marking the first major DeFi vulnerability caused by "AI vibe-coding."
Moonwell has urgently lowered the borrowing and supply caps for cbETH to prevent further losses. But this incident serves as a wake-up call:
- Even the most advanced AI (Claude 4.6, which excels in security benchmarks) can produce Solidity code with fatal logical errors.
- DeFi oracle configuration is critical—missing a single multiplication can wipe out millions.
- "Rapid iteration + AI assistance" may be trendy, but high-risk core code absolutely requires thorough human review and professional auditing.
This is likely the first multimillion-dollar loss in DeFi history directly tied to AI co-authored code. As AI-written contracts become more widespread in the future, security processes must evolve accordingly.
Be extra cautious, audit thoroughly, and don’t let AI become the "most expensive bug generator."
#DeFi #Moonwell #cbETH #Oracle #AICoding #CryptoSecurity
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink