Moonwell Hacked, $1M Lost: Oracle Triggers DeFi Flash Loan Attack

Moonwell Hacked: What Went Wrong with the DeFi Protocol’s Oracle Feed

Moonwell is a top decentralized lending protocol that has been a victim of a significant exploit, which cost it around $1 million . The attack was a result of a buggy Oracle feed on its blockchain network.

Moonwell Hacked News: What Happened?

On November 4, 2025, blockchain security companies CertiK and BlockSec announced that the lending agreement between Moonwell and its customers was abused by several malicious transactions.

The protocol price oracle was manipulated by the attackers and gave an exaggerated price of close to $5.8 million to the wrstETH token.

Source: Skylene X

With this fake information, they could take out huge amounts of crypto without much collateral. The hackers ended up earning 295 ETH, which is worth approximately $1 million . The problem was observed in deployments of Moonwell in both the Base and Optimism blockchains. 

It is one of the most recent instances of how oracle vulnerabilities still pose a threat to decentralized finance platforms, which is a reminder that even protocols that one trusts are at risk when they use external sources of data.

How the Attack Worked?

• This was executed via a flash loan, which is a kind of uncollateralized loan frequently utilized in DeFi trading.

• The attacker took out a small loan in the form of 0.02 wrstETH and loaned it to the lending contract of Moon Well. Since the oracle falsely appraised wrstETH at millions of dollars, the protocol assumed that the deposit was valuable collateral.

• This enabled the exploiter to borrow more than 20 wstETH repeatedly in separate transactions, which emptied the liquidity of the protocol.

• Once the money was obtained, the attacker exchanged it into 295 ETH and moved the money to different wallets to hide the tracks.

• The event highlights how one mistake in price information can cause disastrous financial damage in the smart contract ecosystems.

Technical Details

• CertiK and BlockSec verified that the vulnerability was caused by a malfunctioning off-chain oracle that gave incorrect price data of rsETH/ETH.

• The attack was aimed at smart contracts of Moonwell on the Base and Optimism networks, two popular scaling solutions of Ethereum.

• Analysts indicate that MEV bots might have contributed to the exploitation of the flaw.

• Although the core contracts of Moonwell worked as intended, the incorrect oracle feed made the system overprice collateral, which allowed attackers to pull out assets way beyond their actual value.

Impact

• More than $1 million was lost in the attack, and it has caused investors to lose confidence in the platform. 

• It also brings to light the current security issues in the decentralized finance sector, where even audited smart contracts can be affected by the failure of oracles. 

• Also, due to recent exploits and hacks, the overall defi market fells 11.1%. 

• The event can lead regulators and developers to drive towards enhanced oracle validation and better risk management structures.

Conclusion

Another cold shower is this exploit, which turns out to be the weakest link of DeFi in many cases. Enhancing price feeds and auditing of smart contracts is also essential in avoiding breaches in the future. Recently, Balancer hacked news also shivers the crypto market and Decentralized Finance sector.