
Vibe-Coded and Rekt: AI Wrote the Moonwell Code That Cost $1.78M in Four Minutes

VOLT  |  March 8, 2026  |  Sources: Moonwell Forum, rekt.news, Decrypt, Santiment, GitHub #578, Anthias Labs
A single missing multiplication destroyed $1.78M in user collateral in under four minutes. (Unsplash)

One GitHub commit. One missing multiplication. One AI co-author that cleaned up the code perfectly and missed the catastrophic pricing error completely. On February 15, 2026, a broken oracle on Moonwell Finance repriced cbETH from $2,200 to $1.12 - a 99.9% discount that liquidation bots turned into $1.78 million in bad debt before human responders could type a single command. The commit that caused it listed one collaborator nobody expected to see: Co-Authored-By: Claude Opus 4.6.

$1.78M - Bad Debt Generated
4 mins - Detection Window
1,096 - cbETH Seized
99.1% - DAO Approval Rate
$7.8M - Total Moonwell Losses (3 incidents)
5 days - Governance Lock to Fix Oracle

The Four-Minute Window That Cost $1.78 Million

At 6:01 PM UTC on February 15, governance proposal MIP-X43 executed on Moonwell Finance. On paper it was routine - enabling Chainlink OEV wrapper contracts across Moonwell's core markets on Base and Optimism, a standard infrastructure upgrade to capture oracle extractable value. Nobody set off alarms. Nobody ran a final price sanity check. Nobody should have needed to - the code had been reviewed, audited by AI, and approved by a DAO with 99.1% in favor.

One configuration was wrong. The oracle designed to price cbETH in US dollars was only pulling the cbETH/ETH exchange ratio - approximately 1.12, reflecting accumulated staking rewards - and treating it as the final dollar figure. The critical second step, multiplying by the ETH/USD price to get the actual dollar value, was absent from the deployed contract. An asset trading at roughly $2,200 was suddenly reported on-chain at $1.12.

Liquidation bots do not hesitate. They do not verify whether the numbers look right against what Coinbase shows. They scan the protocol continuously, and the moment MIP-X43 executed, every cbETH-backed borrowing position on Moonwell instantly appeared massively undercollateralized at the new $1.12 valuation. The bots moved in the same block.

The math was simple for anyone watching: repay a dollar of debt, seize a cbETH worth $2,200 in the real world. Repeat until either the collateral runs out or someone stops the feed. By the time Anthias Labs detected the discrepancy and slashed the borrow cap to 0.01, four minutes had passed. In those four minutes, 1,096.317 cbETH had been stripped from borrowers across the protocol - collateral gone, residual debt remaining, protocol left holding $1,779,044.83 in bad debt it will never recover.
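To make the failure mode concrete, here is an added model (not Moonwell's code, and not the contents of PR #578) of a composite cbETH/USD oracle in both its correct and its broken form, evaluated against one sample borrowing position. The feed values, the position, the 75% collateral factor and the health-factor formula are constructed assumptions chosen to reproduce the article's figures; Moonwell's exact risk parameters are not on the page.

```python
from dataclasses import dataclass

# Constructed sample feed values (not taken from chain data). They are chosen
# to reproduce the figures quoted in the article: a cbETH/ETH ratio of about
# 1.12 and a cbETH price of about $2,200.
CBETH_PER_ETH = 1.12      # cbETH/ETH exchange-rate feed: a dimensionless ratio
ETH_USD = 1964.29         # hypothetical ETH/USD feed; 1.12 * 1964.29 is about 2200


def cbeth_usd_correct(ratio: float, eth_usd: float) -> float:
    """Composite pricing: the cbETH/ETH ratio must be multiplied by ETH/USD
    before it means anything in dollars."""
    return ratio * eth_usd


def cbeth_usd_broken(ratio: float, eth_usd: float) -> float:
    """The defect the article describes: the ratio is returned as if it were
    already a USD price. The ETH/USD leg is accepted but never applied."""
    del eth_usd  # deliberately unused, to mirror the missing multiplication
    return ratio


@dataclass(frozen=True)
class Position:
    collateral_cbeth: float    # cbETH posted as collateral
    debt_usd: float            # outstanding borrow, valued in USD
    collateral_factor: float   # fraction of collateral value that may be borrowed


def health_factor(pos: Position, cbeth_price_usd: float) -> float:
    """Borrow capacity divided by debt; below 1.0 the position is liquidatable.
    This is the generic lending-protocol shape, assumed here, not Moonwell's
    exact formula."""
    borrow_capacity = pos.collateral_cbeth * cbeth_price_usd * pos.collateral_factor
    return borrow_capacity / pos.debt_usd


def is_liquidatable(pos: Position, cbeth_price_usd: float) -> bool:
    return health_factor(pos, cbeth_price_usd) < 1.0


def compare_oracles(pos: Position) -> dict:
    """Evaluate the same position under the correct and the broken feed."""
    good = cbeth_usd_correct(CBETH_PER_ETH, ETH_USD)
    bad = cbeth_usd_broken(CBETH_PER_ETH, ETH_USD)
    return {
        "price_correct_usd": good,
        "price_broken_usd": bad,
        "hf_correct": health_factor(pos, good),
        "hf_broken": health_factor(pos, bad),
        "liquidatable_correct": is_liquidatable(pos, good),
        "liquidatable_broken": is_liquidatable(pos, bad),
    }


if __name__ == "__main__":
    # Constructed sample position: 10 cbETH backing a $15,000 borrow at a 75%
    # collateral factor, i.e. comfortably overcollateralized at $2,200.
    sample = Position(collateral_cbeth=10.0, debt_usd=15_000.0, collateral_factor=0.75)
    for key, value in compare_oracles(sample).items():
        print(f"{key:>22}: {value}")
```

Under the correct feed the sample position has a health factor of about 1.10 and is safe; under the broken feed its borrow capacity collapses to a few dollars and the same position is liquidatable in the same block. Nothing in the position changed; only the denomination of the number the oracle returned did.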

"If your fastest defense moves in minutes but your attackers move in milliseconds, is four minutes a response time or a eulogy?" - rekt.news post-mortem analysis

Even after Anthias cut the borrow cap, the underlying oracle error could not be corrected. Fixing the price feed required a new governance proposal and a mandatory five-day voting and timelock period. The damage had been done within 240 seconds. The fix would require 7,200 minutes.

DeFi's oracle infrastructure handles billions in collateral pricing. A single misconfiguration can trigger an instant liquidation cascade. (Unsplash)

Co-Authored-By: Claude Opus 4.6 - What Actually Happened

The most-screenshotted line in DeFi security circles for the week of February 15 wasn't from the exploit itself. It was from the GitHub commit history of Pull Request #578 in the moonwell-contracts-v2 repository:

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Contributor anajuliabit submitted the PR to activate Chainlink OEV wrappers across remaining markets on Base and Optimism. GitHub Copilot reviewed all four changed files and generated four review comments. Human reviewers examined and approved the code. The governance proposal went live and passed with 99.1% of voting weight in favor. Every institutional safeguard in the modern AI-assisted development workflow said this was fine.

To be precise about what Claude Opus 4.6 actually contributed: fixing int256 validation, implementing a try/catch on chainlinkOracle() to skip re-deploying when two configurations share the same oracle, removing an unused ProxyAdmin import, and swapping in assertTrue(answer > 0) to properly catch negative oracle prices. Clean. Defensive. Exactly the kind of rigorous hygiene you want in production financial code.

What neither Claude nor Copilot nor the human reviewers caught: the cbETH price feed was pulling only the cbETH/ETH exchange rate and treating the output - a dimensionless ratio of approximately 1.12 - as a dollar value. The ETH/USD multiplication that converts a ratio into a real price was absent entirely. Not obfuscated. Not hidden in a complex dependency chain. Just missing.

Source: Moonwell Governance Forum, MIP-X43 incident summary; GitHub pull request #578, moonwell-contracts-v2; rekt.news analysis

Mikko Ohtamaa ran a post-mortem experiment after the fact, feeding the same PR directly to Claude with a precise prompt asking it to identify the oracle error. Claude caught it when asked specifically to look. That's the uncomfortable nuance in this story - the AI is not incapable of finding the error. It just wasn't asked to look for it during the original review process.

"Regardless of whether the code is written by an AI or by a human, these kinds of errors are caught in an automated integration test suite... In this case, tests existed, but there was no test case for price sanity, not in the tests, not in the production itself." - Mikko Ohtamaa, independent security researcher

Tests existed. The right test for this specific failure mode did not. No floor, no ceiling, no assertion that a reported price of $1.12 for an asset trading at $2,200 should halt deployment and trigger an alert. The final deployed system had no automatic sanity check that would have asked the obvious question: does this number make any sense at all?

Synthetic Confidence: When Code Looks Right But Isn't

Patrick Collins of smart contract security firm Cyfrin named the actual problem after the exploit went public:

"AI is really good at convincing you that your code is good. Remember, AI is like a really smart fast-working recently graduated post-grad, and is actually still kind of an idiot. And will lose you millions of dollars." - Patrick Collins, Cyfrin

This is the distinct risk AI introduces into code review that didn't exist before. The error itself - a misconfigured oracle that skips a price conversion step - is not exotic. Senior engineers have made this exact class of mistake without any AI involvement. Auditors miss formula errors. Humans approve wrong configurations under deadline pressure. Every individual failure in this chain has a human explanation that doesn't require an AI in the room.

But AI changes the review dynamic in one specific way: it is extraordinarily good at making wrong code look right. Claude's contributions to PR #578 were correct. The int256 validation fix was correct. The try/catch implementation was correct. The negative oracle price assertion was correct. The code that Claude touched looked clean, well-commented, and professionally structured - because it was. The surrounding code that Claude reviewed but didn't rewrite, the code containing the missing multiplication, looked the same way.

A human developer staring at a cbETH oracle configuration in isolation might feel something - a flicker of wrongness, a number that doesn't match what they'd seen on a price terminal. AI has no such flicker. It produced defensible review comments, formatted them well, and moved to the next file.

Pashov, who surfaced the Claude co-authorship publicly on X, offered the most honest framing available:

"Of course, human behind AI decides and reviews the code, possibly a security auditor as well. Sad to see another exploit, but makes you wonder a bit about vibe-coding." - Pashov, smart contract auditor

SlowMist founder Cos was characteristically blunt: "One highlight of this vulnerability is: Co-Authored-By: Claude Opus 4.6. Claude's latest and strongest model."

Both responses point at the same unresolved problem. The AI made the error by omission. The humans ratified it. The governance process blessed it. The timelock locked in the damage. When a misconfiguration this simple - one missing multiplication - survives AI review, Copilot review, human code review, and a DAO vote with 99.1% approval, what exactly is the review process reviewing?

Automated liquidation bots operate faster than any human response system. When oracle prices are wrong, they execute mechanically on corrupted data. (Unsplash)

The Full Damage Map: $1.78M Across Eleven Assets

The exploit was not a single targeted theft. There was no coordinated attacker, no exploit contract to trace, no Tornado Cash laundering trail. What happened on-chain was a liquidation cascade operating exactly as Moonwell's protocol was designed to operate - on a price that was catastrophically wrong.

Two categories of actors extracted value simultaneously. Liquidation bots moved first, scanning continuously and acting in the same block the oracle error went live. Over-borrowers followed, depositing minimal collateral and borrowing cbETH at the artificial $1.12 price to extract real-world value before anyone could intervene.

The full damage across eleven debt assets, as documented in Anthias Labs' public spreadsheet and the official Moonwell forum post:

Asset     Bad Debt Generated
cbETH     $1,033,393
WETH      $478,998
USDC      $232,584
EURC      $11,566
cbBTC     $11,442
cbXRP     $7,947
DAI       $1,520
USDS      $1,052
AERO      $204
MORPHO    $171
wstETH    $164
TOTAL     $1,779,044.83

The spread across multiple assets reflects how broadly the blast radius extended. Borrowers holding mixed collateral portfolios saw all their positions dragged underwater simultaneously by the single broken cbETH price feed. This is not simply a cbETH story - it is a story about how one misconfigured oracle can contaminate an entire lending protocol's risk calculations.

The $1.78M figure also represents unpaid loans - the gap between what liquidation bots repaid to seize collateral and what borrowers actually owed. The collateral is gone. The debt remains on Moonwell's books. There is no recovery mechanism in the protocol's current governance structure that can claw this back.

Source: Moonwell Forum MIP-X43 incident summary; Anthias Labs public spreadsheet; rekt.news forensics

Three Failures, One Protocol: Moonwell's Oracle Problem Is Not New

This was not Moonwell's first oracle failure. According to on-chain analysts, the February 15 incident was the third oracle-related failure at the protocol in over four months, bringing the cumulative bad debt total to approximately $7.8 million.

That number - $7.8M across three failures over roughly 130 days - is not a random distribution of bad luck. It is a pattern. The same class of error, the same failure to implement price sanity checks, the same trust in the oracle feed as a source of truth without secondary validation, repeated three times.

The formula, as rekt.news noted in their analysis, is almost elegant in its repetition: trust the price feed, skip the sanity check, watch the bots feed. Three executions. Same result. Different victims each time.

The MIP-X43 upgrade that triggered the February 15 incident was described as routine infrastructure work - enabling Chainlink OEV wrappers to capture oracle extractable value. The irony is that this upgrade was specifically designed to optimize how oracles deliver price data. The team was actively working on oracle infrastructure and still deployed an oracle with a fundamental pricing error.

"Three oracle failures in over 4 months. Roughly $7.8 million in bad debt accumulated when all added up. Same protocol, same class of error, new victims." - @yieldsandmore, on-chain analyst

Moonwell has not yet published a comprehensive remediation plan addressing the structural root cause - the absence of deployment-time price sanity checks. What the protocol did announce was a governance proposal to compensate affected users. The source of that compensation, and the timeline, remained unclear as of this report.

DeFi's Accountability Vacuum: Who Signs Off on AI-Authored Production Code?

The Moonwell exploit has forced a question the DeFi industry has been successfully avoiding: when AI writes the code, who is accountable for what the AI missed?

The traditional liability chain in software development is clear. Developer writes code. Reviewer approves code. Organization deploys code. If the code has a critical bug, the chain runs upward from developer through reviewer to the organization. Insurance, legal recourse, and post-mortem accountability all flow through this chain.

AI co-authorship breaks this chain in a specific way. The co-author - Claude Opus 4.6 in this case - has no legal standing. It cannot be named in a lawsuit. It carries no insurance. Anthropic explicitly disclaims responsibility for how its models are used in production deployments. The developer who submitted the PR bears no obvious additional liability for using an AI tool that the organization permitted and that the review process treated as trusted.

This is not a hypothetical liability gap. It materialized into $1.78 million in real losses on February 15, held by real users who had their collateral correctly liquidated by protocol mechanics operating on incorrect data.

WhiteHatMage put it directly: the users who lost collateral in this incident did nothing wrong. They deposited cbETH as collateral in a protocol that governance had just approved a change to. The change broke the price feed. Bots operating correctly under the protocol's rules stripped their collateral. The governance vote that approved this change, with 99.1% support, had no mechanism to verify that the oracle configuration was correct before execution.

The deeper problem: DeFi governance is structurally incapable of performing technical due diligence at the speed technical changes are deployed. 99.1% of governance voters approved MIP-X43. Very few of those voters were in a position to independently verify that a cbETH oracle configuration was pulling two price feeds and multiplying them correctly. They trusted the developer, the AI review, the Copilot review, and the human audit. That trust was misplaced for $1.78 million.

The Broader AI-Coded DeFi Threat Surface

Moonwell's incident did not occur in isolation. The same week, rekt.news catalogued a series of DeFi exploits that collectively point toward a sector whose defensive infrastructure has not kept pace with its attack surface - or its deployment velocity.

FoomCash lost $2.26 million to an exploit targeting a broken ZK proof verifier that had never been properly initialized - a setup ceremony that was started but never completed. Decurity rescued $1.84 million of the drained funds, and the protocol kept $320,000 under its own "code is law" bounty structure. Net loss: $420,000. The root cause was a single skipped command-line step during deployment that left the cryptographic verifier permanently broken from day one.

IoTeX's ioTube bridge lost $4.4 million to a private key compromise. An attacker gained full admin control over the bridge contract through a single exposed key - the only meaningful security layer protecting the entire bridge. Two tokens were subsequently minted on top of the exploit, though IoTeX claims most are frozen or worthless. One key. One door. Gone.

YieldBlox on the Stellar network lost $10.97 million to oracle manipulation. An attacker pumped an illiquid collateral token, USTRY, 100x on the Stellar DEX. The YieldBlox oracle reported the artificial price as real. The attacker borrowed against the inflated collateral and extracted the underlying funds. Same mechanism as Moonwell - corrupt oracle data flowing through a lending protocol without adequate validation - different execution method, similar outcome.

The thread connecting these incidents is not sophisticated zero-day cryptography or complex MEV extraction. It is basic infrastructure failures: setup ceremonies that don't finish, private keys with no backup access controls, oracle feeds that accept any price as valid. The era of vibe-coding - shipping AI-assisted smart contracts at speed without systematic adversarial testing of the outputs - is now producing a corresponding era of vibe-rekt.

Source: rekt.news, FoomCash post-mortem, IoTeX incident report, Script3 YieldBlox incident analysis

Timeline: From Governance Vote to $1.78M in Four Minutes

~Feb 10

PR #578 submitted to moonwell-contracts-v2 repository. GitHub Copilot reviews all four changed files, generates four comments. Claude Opus 4.6 listed as co-author. Human reviewers approve and merge.

~Feb 12

Governance proposal MIP-X43 goes live on Moonwell. Token holders vote to activate Chainlink OEV wrappers. Proposal passes with 99.1% approval on Moonbeam governance.

Feb 15 18:01 UTC

MIP-X43 executes. cbETH oracle deploys with broken configuration. cbETH price reported at $1.12 instead of $2,200. All cbETH-backed positions immediately appear undercollateralized.

18:01 UTC +seconds

Liquidation bots detect undercollateralized positions. Begin seizing cbETH collateral at $1.12 valuation. Simultaneously, over-borrowers exploit the mispriced oracle from the supply side.

18:05 UTC

Anthias Labs detects the price discrepancy. Moonwell's risk manager slashes borrow cap to 0.01. But 1,096.317 cbETH has already been seized. $1,779,044.83 in bad debt has been generated across eleven assets.

+5 days

Earliest possible oracle fix via new governance proposal and mandatory timelock. The broken oracle cannot be corrected without a full governance cycle. The damage is permanent.

Feb-Mar 2026

DeFi security community debates AI accountability, vibe-coding risks, and governance processes. Moonwell announces compensation proposal. Root cause remediation plan not yet published.

What Has to Change - And Why It Probably Won't

The technical fix is straightforward to describe and difficult to implement at scale: every oracle deployment should include mandatory price sanity checks that reject values outside a plausible range before the feed goes live. If a deployed oracle reports that cbETH costs $1.12 and the previous price was $2,200, the deployment should revert and alert immediately. This is not novel engineering. It is basic defensive programming that the industry has failed to make mandatory.
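The pre-execution gate described here, and the price sanity test Ohtamaa notes was absent from the test suite, can be stated as a small checker. The following is an added example (not Moonwell's code, tooling or test suite) of a deployment gate that reads back what each candidate oracle reports in a simulation of the proposal and blocks execution on any of three conditions: the feed's quote denomination is not USD (the cbETH/ETH ratio fails this test before any arithmetic), the value falls outside an absolute floor and ceiling, or the value moves too far from the price the protocol used a block earlier. The `FeedCandidate` and `SanityBounds` types, the bounds, the 10% deviation threshold and the fixture prices are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FeedCandidate:
    """What a newly configured oracle reports for one market, as it would be
    read back in a pre-execution simulation of the proposal (assumed shape)."""
    market: str        # asset the oracle is supposed to price, e.g. "cbETH"
    quote: str         # denomination the feed actually returns, e.g. "USD" or "ETH"
    price: float       # the value the candidate oracle reports


@dataclass(frozen=True)
class SanityBounds:
    floor_usd: float          # reject anything below this absolute floor
    ceiling_usd: float        # reject anything above this absolute ceiling
    max_rel_deviation: float  # reject moves larger than this vs the previous price


def sanity_check(candidate: FeedCandidate, previous_usd: float,
                 bounds: SanityBounds) -> list:
    """Return the list of violations; an empty list means the feed passes."""
    violations = []
    # 1. Dimension check: a ratio feed (quoted in ETH) is not a USD price feed,
    #    however plausible its magnitude looks.
    if candidate.quote != "USD":
        violations.append(
            f"{candidate.market}: feed is denominated in {candidate.quote}, "
            f"market requires USD")
    # 2. Absolute floor and ceiling for the asset.
    if not bounds.floor_usd <= candidate.price <= bounds.ceiling_usd:
        violations.append(
            f"{candidate.market}: reported {candidate.price} outside "
            f"[{bounds.floor_usd}, {bounds.ceiling_usd}]")
    # 3. Continuity with the price the protocol was using before the change.
    if previous_usd > 0:
        deviation = abs(candidate.price - previous_usd) / previous_usd
        if deviation > bounds.max_rel_deviation:
            violations.append(
                f"{candidate.market}: {deviation:.1%} move vs previous "
                f"{previous_usd} exceeds {bounds.max_rel_deviation:.0%}")
    return violations


def gate_deployment(candidates, previous_prices, bounds_by_market):
    """Run every candidate feed through sanity_check. Returns (ok, violations);
    a single violation in any market blocks the whole proposal."""
    all_violations = []
    for c in candidates:
        all_violations += sanity_check(
            c, previous_prices[c.market], bounds_by_market[c.market])
    return (not all_violations, all_violations)


# Constructed fixtures (not on-chain data), shaped like the article's numbers.
PREVIOUS_PRICES_USD = {"cbETH": 2200.0, "WETH": 1964.29}
BOUNDS = {
    "cbETH": SanityBounds(floor_usd=500.0, ceiling_usd=20_000.0, max_rel_deviation=0.10),
    "WETH": SanityBounds(floor_usd=500.0, ceiling_usd=20_000.0, max_rel_deviation=0.10),
}
BROKEN_PROPOSAL = [
    FeedCandidate("cbETH", quote="ETH", price=1.12),   # the ratio returned as a price
    FeedCandidate("WETH", quote="USD", price=1964.29),
]
FIXED_PROPOSAL = [
    FeedCandidate("cbETH", quote="USD", price=2200.0),
    FeedCandidate("WETH", quote="USD", price=1964.29),
]

if __name__ == "__main__":
    for name, proposal in (("broken", BROKEN_PROPOSAL), ("fixed", FIXED_PROPOSAL)):
        ok, problems = gate_deployment(proposal, PREVIOUS_PRICES_USD, BOUNDS)
        print(f"{name}: {'EXECUTE' if ok else 'BLOCK'}")
        for p in problems:
            print("  -", p)
```

The broken proposal trips all three checks on the cbETH feed and none on WETH; the fixed proposal passes cleanly. The denomination check is the one worth noting: it catches the class of error independently of the market price, so it still fires on a day when a ratio of 1.12 and a dollar price happen to be within a factor of two of each other. A gate like this has to run against the simulated post-execution state and be a hard precondition of execution; run only as an alert after the fact, it would have detected the problem in the same four-minute window the article describes, not prevented it.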

The harder problem is governance velocity. DeFi protocols move fast because that is their competitive advantage. A five-day governance vote for every parameter change is already considered slow in a sector where market conditions change in hours. Adding mandatory deployment simulations, third-party price sanity checks, and adversarial oracle testing to every governance proposal would slow deployment cycles significantly.

The core accountability problem: DeFi governance cannot realistically perform technical due diligence on smart contract configurations. The voters who approved MIP-X43 with 99.1% support were not reviewing cbETH oracle feed formulas. They were trusting developers, auditors, and AI tools. That trust chain produced $1.78 million in uncollectable bad debt.

On the AI co-authorship question specifically: the industry needs to develop clearer standards for what it means when an AI tool is listed as a code contributor. Claude's contributions to PR #578 were technically correct. The bug existed in adjacent code that neither Claude nor any other reviewer caught. Blaming the AI misses the actual lesson. But treating AI review as equivalent to human security auditing - which is effectively what happened when PR #578 passed through multiple automated and human review layers and entered governance - is the failure mode that requires systematic correction.

Patrick Collins of Cyfrin put it simply: treat AI like a smart junior developer. Verify its work independently. Never let it have the final word on production financial infrastructure. Implement automated adversarial testing that specifically targets the class of errors AI is known to miss - price feed arithmetic, unit conversion errors, fee accumulation rounding, and other numeric correctness issues that look fine in code review but are catastrophic when deployed.

The Moonwell incident is not the first vibe-coded exploit and it will not be the last. The $7.8 million across three Moonwell oracle failures in four months, combined with FoomCash's broken ZK verifier, IoTeX's single-key bridge, and YieldBlox's oracle manipulation, add up to a sector that is shipping production financial infrastructure with the confidence of an agile startup and the defensive infrastructure of a hackathon project.

Liquidation bots don't slow down for governance timelines. Attackers don't wait for five-day timelocks. The protocols that survive this period will be the ones that build adversarial testing into their deployment process before the bots do it for them.