TL;DR
- Oracle Failure: Moonwell mispriced cbETH at $1.12 instead of $2,200, triggering liquidations that produced $1.78 million in bad debt and wiped out user collateral.
- AI Involvement: The faulty configuration included commits co-authored by Claude Opus 4.6, sparking debate over whether AI-assisted coding contributed to the error or merely surfaced a human-level oversight.
- Containment Measures: Moonwell froze the affected market by reducing caps to 0.01, but governance delays allowed liquidations to continue, adding to losses and highlighting ongoing oracle-related vulnerabilities in the protocol.
DeFi Lending Protocol, Moonwell, is facing renewed scrutiny after a critical oracle configuration error caused Coinbase Wrapped ETH to be mispriced at roughly $1.12 instead of its actual market value near $2,200, triggering a cascade of liquidations and leaving the lending protocol with approximately $1.78 million in bad debt. The incident, which unfolded on February 15 following the activation of governance proposal MIP X43, has drawn additional attention because the faulty code was partially authored by Anthropicās Claude Opus 4.6, raising questions about AI-assisted development in DeFi infrastructure.
šØClaude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss
cbETH asset's price was set to $1.12 instead of ~$2,200. The PRs of the project show commits were co-authored by Claude – Is this the first hack of vibe-coded Solidity code? pic.twitter.com/4p78ZZvd67
— pashov (@pashov) February 17, 2026
Oracle Mispricing Triggers Liquidations
According to Moonwellās post-mortem report, the issue stemmed from an Oracle configuration that used only the cbETH to ETH exchange rate rather than multiplying that ratio by the ETH to USD price feed. This caused cbETH to be reported at just over $1, enabling liquidators to repay minimal debt and seize collateral worth thousands. A total of 1,096.317 cbETH was liquidated, resulting in $1,779,044.83 in bad debt across several assets. Moonwellās monitoring systems detected the discrepancy quickly, but correcting the oracle required a governance vote, allowing liquidations to continue until the patch was finalized.
Governance Change and Containment Measures
The vulnerability emerged immediately after Moonwell enabled Chainlinkās OEV wrapper contracts across Base and Optimism. Once the mispricing was identified, the team reduced supply and borrow caps for the affected cbETH market to 0.01, effectively freezing new activity. While this limited further damage, many users had already suffered severe losses. Some borrowers lost nearly all their collateral, while others exploited the incorrect pricing to borrow more than they should have been allowed, compounding the protocolās debt.
AI Authorship Sparks Debate
The pull request associated with the faulty configuration showed commits co-authored by Claude Opus 4.6, prompting debate over whether AI-generated Solidity contributed to the exploit. Smart contract auditor Pashov highlighted the AI involvement, while experts such as SlowMist founder Cos and Trading Protocolās Mikko Ohtamaa argued the issue was a simple configuration mistake that could have been made by any developer and should have been caught by integration tests.
Moonwell has not attributed the incident directly to AI-generated code, but the episode adds to a series of oracle-related disruptions for the protocol. The event also echoes a recent pricing error at Bithumb, where a wrong unit assignment created tens of billions in phantom value, underscoring the risks of misconfigured financial logic in crypto systems.
