Skip to main content
Security

Moonwell Lending Protocol Drained by External Oracle Price Manipulation

Transient oracle pricing error on Base allowed negligible collateral to be valued at millions, exposing systemic risk in external data feeds.
November 22, 20253 min

An intricate, spherical mechanical and digital construct dominates the frame, composed of numerous deep blue modular circuit boards and an array of intertwined gray structural tubes. Fine blue data cables crisscross throughout, connecting the various components and external interfaces
A spherical object is vertically split, showcasing a smooth, light blue left half with several circular indentations, and a translucent, darker blue right half containing swirling white cloud-like forms and internal structures. A dark, circular opening is visible at the center of the split line, acting as a focal point between the two distinct halves

Briefing

The Moonwell lending protocol on the Base network was exploited via a critical external oracle malfunction, resulting in significant asset loss and protocol bad debt. The incident’s primary consequence is the immediate accrual of nearly $3.7 million in unrecoverable bad debt for the protocol, driven by the attacker’s ability to over-borrow against worthless collateral. This attack was enabled by a transient Chainlink oracle pricing error that incorrectly valued a small deposit of wrstETH collateral at $5.8 million. The attacker successfully executed the borrowing loop seven times, ultimately profiting approximately $1.01 million in stolen assets.

A close-up view displays a complex, multi-faceted mechanical core constructed from interlocking blue and silver polygonal modules. Numerous black cables are intricately intertwined around this central structure, connecting various components and suggesting a dynamic data flow

Context

Lending protocols maintain a high-risk security posture due to their reliance on real-time external data for collateral valuation and liquidation logic. The prevailing attack surface for such systems is the oracle infrastructure, where even momentary mispricing can be leveraged to create a solvency crisis. This vulnerability class was previously known, as Moonwell had suffered a $1.7 million oracle-related incident just 24 days prior, highlighting a persistent, unmitigated systemic weakness.

A close-up view reveals an array of interconnected, futuristic modular components. The central focus is a white, smooth, cube-shaped unit featuring multiple circular lenses, linked to translucent blue sections exposing intricate internal mechanisms

Analysis

The attack vector exploited a temporary malfunction in the Chainlink oracle price feed for wrstETH on the Base network. The attacker executed a flash loan to acquire a minimal amount of wrstETH and deposited it as collateral into Moonwell. Due to the oracle glitch, the protocol’s smart contract logic accepted the 0.02 wrstETH deposit as being worth $5.8 million, far exceeding its true value.

This inflated collateral allowed the attacker to borrow a substantial amount of wstETH and other tokens, repeating the process seven times within a three-hour window before the price feed corrected. The rapid, single-block execution of these transactions bypassed standard liquidation mechanisms, ensuring the attacker’s profit and leaving the protocol with unbacked debt.

A white central sphere, adorned with numerous blue faceted crystals, is encircled by smooth white rings. Metallic spikes protrude from the sphere, extending through the rings against a dark background

Parameters

  • Attacker Profit ∞ $1.01 Million ∞ The approximate total value of assets stolen by the attacker (295 ETH).
  • Protocol Bad Debt ∞ $3.7 Million ∞ The unrecoverable loss left on the protocol’s books due to the over-borrowing.
  • Collateral Misvaluation ∞ $5.8 Million ∞ The erroneous value assigned to the attacker’s small collateral deposit by the malfunctioning oracle.
  • Vulnerable Asset ∞ wrstETH ∞ The specific wrapped restaked ETH token whose price feed was compromised.

The image displays multiple black and white cables connecting to a central metallic interface, which then feeds into a translucent blue infrastructure. Within this transparent system, illuminated blue streams represent active data flow and high-speed information exchange

Outlook

Immediate mitigation requires all lending protocols to implement multi-layered oracle validation, incorporating time-weighted average prices (TWAPs) and circuit breakers that halt operations upon detecting extreme price volatility or zero-value feeds. The contagion risk is moderate, primarily affecting other lending platforms that rely on similar external oracle configurations for low-liquidity or wrapped assets. This incident will likely establish a new security best practice mandating comprehensive, real-time cross-validation of all external price data against an internal sanity check layer to prevent single-point-of-failure oracle exploits.

A prominent white, segmented sphere with two surrounding rings is depicted against a blurred blue background. Its cracked surface reveals a bright blue inner core emitting numerous small, white, spike-like elements, alongside metallic, block-like structures to the right

Verdict

This incident confirms that relying on a single, unvalidated external price feed remains a critical, unaddressed systemic vulnerability for the entire decentralized lending sector.

lending protocol, oracle manipulation, price feed error, external data risk, collateral misvaluation, flash loan attack, decentralized finance, smart contract exploit, Base network, asset loss, bad debt, systemic risk, defi security, chainlink glitch, wrapped assets, asset price distortion, on-chain forensics, collateral ratio failure, protocol solvency Signal Acquired from ∞ ambcrypto.com

Micro Crypto News Feeds

chainlink oracle

Definition ∞ A Chainlink oracle is a decentralized service that provides external data to blockchain-based smart contracts.

external data

Definition ∞ External data refers to information originating from outside a blockchain network that is required for smart contract execution.

smart contract

Definition ∞ A Smart Contract is a self-executing contract with the terms of the agreement directly written into code.

collateral

Definition ∞ Collateral refers to an asset pledged by a borrower to a lender as security for a loan.

assets

Definition ∞ A digital asset represents a unit of value recorded on a blockchain or similar distributed ledger technology.

bad debt

Definition ∞ Bad debt in digital asset markets represents unrecoverable loans or credit extensions within decentralized finance protocols.

collateral misvaluation

Definition ∞ Collateral misvaluation occurs when the value assigned to an asset pledged as security in a financial transaction is inaccurate.

price feed

Definition ∞ A price feed is a continuous stream of real-time or near real-time pricing data for a specific asset.

external oracle

Definition ∞ An external oracle is a service that brings real-world data onto a blockchain for use by smart contracts.

decentralized

Definition ∞ Decentralized describes a system or organization that is not controlled by a single central authority.

Tags:

Tags: