Claude Opus 4.6 Vulnerable Code Triggers $1.78M Moonwell Exploit

Claude Opus 4.6 Vulnerable Code Exposes AI Risks in Moonwell

The decentralized finance (DeFi) world is facing a new kind of crisis after a major security breach on the Moonwell protocol. On February 17, 2026, experts discovered that Claude Opus 4.6 vulnerable code was at the heart of an exploit that cost the platform approximately $1.78 million. This incident is making headlines because it appears to be the first high-profile case of "vibe-coding" leading to a massive financial loss in the crypto space. 

The trouble started when developers used Anthropic's newest and most powerful AI model to help write smart contract logic. While the artificial intelligence is known for its speed, the Claude Opus 4.6 vulnerable code contained a simple but deadly math error. Specifically, the oracle price feed for cbETH was set incorrectly. Instead of showing the real market price of around $2,200, the AI-generated formula set the price at just $1.12. This mistake allowed attackers to manipulate the system and drain funds almost instantly.

The Risks of AI Vibe-Coding: Claude Opus 4.6 Vulnerable Code

Smart contract auditor Pashov was one of the first to spot the issue. He pointed out that the project’s GitHub records clearly show the commits were "Co-Authored-By: Claude Opus 4.6." This has sparked a huge debate about "vibe-coding", a style where developers rely on AI "vibes" to write code quickly without checking every line. While the Claude Opus 4.6 vulnerable code looked correct at first glance, it failed to handle a basic pricing formula, proving that even the smartest artificial intelligence can make low-level mistakes.

Source: X(formerly Twitter)

Key details about the Moonwell exploit:

Oracle Error: The Model vulnerable code misconfigured how the price feed pulls data, leading to a 99% price discrepancy.

Losses: Attackers exploited this gap to drain roughly $1.78 million from the DeFi lending protocol.

Expert Warning: SlowMist founder Cos described the incident as a very basic mistake that should have been caught during a human review.

The Artificial intelligence Paradox: Just days before, Anthropic had bragged that the Model found 500+ bugs in other software, yet it created a new one here.

Expert Analysis: The Future of Artificial intelligence in Crypto

This hack is a wake-up call for the entire crypto industry. The Claude Opus 4.6 vulnerable code proves that we cannot yet trust AI to manage millions of dollars without human oversight. As we move further into 2026, projects must find a balance between using AI for speed and using human experts for safety. "Vibe-coding" might be the future of app development, but for smart contracts that hold user money, a "vibe" is simply not enough. The industry will likely see a move toward stricter "Proof of Human Review" for all AI-generated code. Because human code review is really important because, as such, AI error may happen again, but coders should be aware and should review the code before deployment.

Your Money Your Life (YMYL) Disclaimer: DeFi investing is risky. Code co-authored by AI requires professional auditing to ensure safety. This report is for information only and is not financial advice.