TL;DR
- The Moonwell protocol suffered an exploit on its lending platform on Base, caused by a Chainlink oracle malfunction that valued 0.02 wrstETH at $5.8 million.
- The attacker used a flashloan and repeated the operation seven times over three hours, achieving a total profit of 292 ETH (approximately $1.01 million).
- The impact was immediate: Moonwellās TVL fell from $268 million to $213 million, and the WELL token dropped more than 12%.
DeFi started November with a stark reminder of its vulnerabilities. Within just 48 hours, Moonwell and Balancer recorded combined losses of $129 million, exposing structural risks in the infrastructure and contracts of these systems.
The Moonwell attack originated on November 4 on its lending protocol on Base. A temporary Chainlink oracle pricing error valued 0.02 wrstETHāa practically worthless collateralāat $5.8 million.
The attacker used a flashloan to deposit the inflated collateral and borrowed over 20 wstETH. The operation was repeated seven times within three hours, with each cycle generating between 24.5 and 24.9 ETH, for a total gain of 292 ETH, approximately $1.01 million. All transactions were executed within single blocks, bypassing liquidation mechanisms. CertiK confirmed that the exploit occurred due to the oracle pricing error.
Moonwell Plummets Following the Exploit
The effect on Moonwell was immediate. Its TVL dropped from $268 million to $213 million, a $55 million outflow in just a few hours. The WELL token declined more than 12%, sliding to around $0.012, while the broader crypto market fell over 1%.
This incident adds to a series of similar failures. In 2024, a flashloan caused a $320,000 loss; in October 2025, another oracle failure resulted in $1.7 million in losses. The removal of Moonwellās bug bounty program (Immunefi) in February 2025 reduced incentives for researchers to identify vulnerabilities before attackers did.
Cracks in DeFi Security
In the case of Balancer, hackers exploited access control flaws across six blockchains: Ethereum, Arbitrum, Base, Optimism, Polygon, and Sonic. Berachain even halted its network to implement an emergency hard fork. Together, these incidents show that failures in critical infrastructure, oracle systems, and protocol design can generate massive losses, even for widely recognized platforms.
Experts warn that these attacks reflect a troubling pattern: reliance on external services and lack of robust audits continue to leave DeFi users exposed. Security remains a central challenge for the sector
