A recent exploit in the DeFi lending protocol Moonwell led to a loss of $1.78 million due to a smart contract vulnerability. The cbETH asset was incorrectly priced at $1.12 instead of approximately $2,200, causing a bad debt event.

Security auditor Krum Pashov highlighted that GitHub commits related to the faulty proposal were co-authored by Claude Opus 4.6, an AI coding assistant, sparking discussions about the role of automated “vibe coding” in introducing the flawed oracle logic.

This incident may mark the first known hack involving Solidity code partially written with AI assistance.

Sources:

  • https://www.theblock.co/post/390302/defi-lending-protocol-moonwell-hit-with-1-8-million-bad-debt-after-oracle-misconfiguration
  • https://github.com/moonwell-fi/moonwell-contracts-v2/pull/578/commits
  • https://x.com/pashov/status/2023872510077616223