
Briefing

The Moonwell lending protocol on Base suffered a critical oracle price manipulation exploit, resulting in a significant loss of funds and the accrual of substantial bad debt for the system. This attack leveraged a temporary malfunction in an external Chainlink price feed, which incorrectly valued a minimal amount of wrstETH collateral at millions of dollars, allowing the attacker to repeatedly over-borrow assets. The primary consequence is a $55 million collapse in Total Value Locked (TVL) and the protocol being saddled with up to $3.7 million in unrecoverable bad debt, stemming from an attacker profit of approximately $1.01 million.


Context

The protocol’s pre-incident security posture was already compromised, marked by three prior major security incidents over three years, highlighting systemic vulnerabilities in its core design and operational risk management. This history was exacerbated by the decision to cancel its Immunefi bug bounty program months before the current exploit, effectively removing the financial incentive for white-hat researchers to responsibly disclose the very oracle-related flaws that were ultimately leveraged. The prevailing attack surface was the reliance on external price feeds without sufficient circuit breakers or sanity checks on extreme valuation outputs.


Analysis

The attack compromised the lending protocol’s core risk engine by exploiting a data integrity failure in the external price oracle. The attacker initiated a flash loan to acquire a small amount of wrstETH, which was then deposited as collateral. Due to a malfunction, the Chainlink oracle temporarily reported an erroneous, highly inflated price for this collateral, valuing it at approximately $5.8 million.

The protocol’s lending logic, accepting this faulty valuation, permitted the attacker to borrow over 20 wstETH against the minimal collateral. This process was repeated seven times within single blocks to bypass liquidation mechanisms and successfully drain the protocol’s liquidity.


Parameters

  • Attacker Profit: ~$1.01 Million. The total value in ETH (292-295 ETH) successfully extracted by the attacker.
  • Bad Debt Accrued: ~$3.7 Million. The total unrecoverable debt left on the protocol’s books due to the over-borrowed assets.
  • Collateral Misprice: $5.8 Million. The inflated value the faulty oracle temporarily assigned to the small amount of wrstETH collateral.
  • TVL Drop: $55 Million. The immediate capital flight and decline in Total Value Locked following the public disclosure of the exploit.


Outlook

The immediate mitigation step for users of similar lending protocols is to verify that all external price feeds are subject to robust, in-protocol sanity checks that flag and halt transactions based on extreme price volatility or implausible collateral valuations. This incident reinforces the contagion risk for other protocols relying on the same external oracle infrastructure or those that lack multi-layered defense-in-depth security mechanisms, particularly for illiquid or newly integrated assets. Moving forward, this event will likely establish a new security best practice mandating the use of time-weighted average prices (TWAPs) or decentralized oracle networks with built-in deviation thresholds, rather than relying solely on a single, instantaneous price feed.
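The following is an added illustration, not code from Moonwell, Chainlink or the original article, modelling the two sides of the Analysis and Outlook sections above: a lending engine that trusts the latest oracle answer unconditionally, beside one that applies the sanity checks the Outlook recommends (staleness check, deviation threshold against a TWAP of recent answers, and a per-position collateral valuation cap). The collateral amount, price history, thresholds and the inflated answer are all constructed for the example; the spike is sized so that a tiny position is valued at roughly $5.8 million, matching the figure in the briefing, but it does not reproduce the real feed's output.

```python
"""Off-chain model of collateral valuation with and without oracle sanity checks.
Added example; not Moonwell's, Chainlink's or the article's code.
Every price, amount and threshold here is constructed for illustration."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

BPS = 10_000  # basis points per unit


@dataclass(frozen=True)
class PriceReport:
    price_usd: float   # reported USD price of one unit of collateral
    updated_at: int    # unix timestamp of the oracle update
    round_id: int      # monotonically increasing oracle round


def naive_borrow_limit_usd(collateral_units: float, report: PriceReport,
                           collateral_factor: float) -> float:
    """Lending logic that uses the latest answer as-is. One inflated answer
    inflates borrow capacity by the same factor: the failure mode described
    in the Analysis section."""
    return collateral_units * report.price_usd * collateral_factor


def twap_usd(history: List[PriceReport], now: int, window_s: int) -> Optional[float]:
    """Time-weighted average of past answers over the last `window_s` seconds.
    Each answer is weighted by how long it was the live price."""
    window_start = now - window_s
    pts = sorted(history, key=lambda r: r.updated_at)
    weighted, total = 0.0, 0
    for i, r in enumerate(pts):
        start = max(r.updated_at, window_start)
        end = pts[i + 1].updated_at if i + 1 < len(pts) else now
        end = min(end, now)
        if end <= start:
            continue
        weighted += r.price_usd * (end - start)
        total += end - start
    return weighted / total if total else None


def validate_report(report: PriceReport, reference_usd: Optional[float], now: int,
                    max_age_s: int, max_deviation_bps: int) -> Tuple[bool, str]:
    """Sanity checks applied before an oracle answer is allowed to move funds."""
    if report.price_usd <= 0:
        return False, "non-positive price"
    if now - report.updated_at > max_age_s:
        return False, "stale price"
    if reference_usd is None:
        return False, "no reference price available"
    deviation_bps = abs(report.price_usd - reference_usd) / reference_usd * BPS
    if deviation_bps > max_deviation_bps:
        return False, f"deviation {deviation_bps:.0f} bps exceeds {max_deviation_bps} bps"
    return True, "ok"


def guarded_borrow_limit_usd(collateral_units: float, report: PriceReport,
                             history: List[PriceReport], now: int,
                             collateral_factor: float, max_age_s: int = 3600,
                             max_deviation_bps: int = 500, twap_window_s: int = 1800,
                             max_position_value_usd: Optional[float] = None) -> Tuple[float, str]:
    """Same valuation, but behind a circuit breaker: any failed check returns a
    zero borrow limit and the reason, so the engine halts rather than over-lends."""
    reference = twap_usd(history, now, twap_window_s)
    ok, reason = validate_report(report, reference, now, max_age_s, max_deviation_bps)
    if not ok:
        return 0.0, reason
    value_usd = collateral_units * report.price_usd
    if max_position_value_usd is not None and value_usd > max_position_value_usd:
        return 0.0, "collateral valuation exceeds per-position cap"
    return value_usd * collateral_factor, "ok"


# Constructed scenario: ~$4,000 asset, a 0.001-unit position, then one bad answer.
NOW = 1_700_000_000
HISTORY = [PriceReport(4000.0, NOW - 1800, 1),
           PriceReport(4010.0, NOW - 1200, 2),
           PriceReport(3995.0, NOW - 600, 3)]
SPIKE = PriceReport(5_800_000_000.0, NOW - 5, 4)   # constructed inflated answer
COLLATERAL_UNITS = 0.001
COLLATERAL_FACTOR = 0.8

if __name__ == "__main__":
    print("naive limit on spike : $%.2f" % naive_borrow_limit_usd(
        COLLATERAL_UNITS, SPIKE, COLLATERAL_FACTOR))
    print("guarded limit on spike:", guarded_borrow_limit_usd(
        COLLATERAL_UNITS, SPIKE, HISTORY, NOW, COLLATERAL_FACTOR))
```

The deviation threshold and TWAP window are policy knobs; a real deployment would size them per asset (tighter for illiquid or newly integrated collateral) and would pause borrowing rather than silently return zero, so that the halt is visible to monitoring.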


Verdict

This exploit serves as a definitive operational warning that systemic risk in DeFi is increasingly shifting from contract logic bugs to failures in external data dependencies, demanding immediate, protocol-level data validation and circuit breaker implementation.

Tags: oracle manipulation, lending protocol exploit, price feed error, collateral valuation flaw, flash loan attack, Base network security, decentralized finance risk, bad debt accrual, external dependency failure, smart contract vulnerability, asset price distortion, liquidation bypass, over-borrowing vector, systemic data risk, Base L2 DeFi, risk engine failure, wrstETH asset

Signal Acquired from ambcrypto.com

Micro Crypto News Feeds