Foresight News|Mar 26, 2026 13:28
Moonwell faces governance crisis, attacker maliciously proposes transfer of contract management control
Foresight News reports that DeFi lending protocol Moonwell is facing a risk of over $1 million as an unidentified participant attempts to use the proposal to allocate power. According to multiple on chain observers, an attacker spent approximately $1800 to purchase around 40 million MFAM tokens, enough to drive a malicious governance proposal that would transfer management control of the protocol's core contracts. \The entire process of purchasing tokens, creating proposals, and voting for approval takes approximately 11 minutes. The proposal is currently in effect in Moonwell's Moonriver deployment environment, which will transfer control of seven lending markets, audit firms, and oracle machines to contracts controlled by attackers. Once executed, the contract may result in the entire agreement being emptied of funds. According to current estimates, if the proposal is implemented, approximately $1.08 million in user funds may be at risk. \Moonwell is a lending agreement based on Moonbeam and Moonriver, and is part of the Polkadot ecosystem. Prior to this, it incurred approximately $1.78 million in bad debts in February this year due to a configuration error in its oracle.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink