Oracle Error Leaves DeFi Lender Moonwell With $1.8 Million in Bad Debt

A Sunday morning pricing glitch turned into a multimillion-dollar headache for the DeFi lending platform Moonwell, after a “misconfigured oracle” briefly valued Coinbase Wrapped ETH (cbETH) at just $1.

The pricing error effected caused a 99.9% discount from the asset’s actual market value of roughly $2,200. The error triggered a wave of liquidations, ultimately leaving the platform with approximately $1.78 million in bad debt.

“Once identified, our risk manager @anthiasxyz moved quickly to reduce the cbETH borrow cap to 0.01 to contain further risk to the protocol,” Moonwell wrote on X on Monday. “The supply cap was also reduced to 0.01 to prevent new users from unknowingly supplying to the affected market.”

In a Moonwell forum post on Monday, risk management firm Anthias Labs reported the error occurred at 6:01 PM UTC on February 15, when the Moonwell DAO governance proposal, MIP-X43, was executed, enabling Chainlink OEV wrapper contracts across markets on Base and Optimism. One of these oracles was misconfigured and failed to price cbETH’s USD value correctly.

Moonwell said that instead of multiplying the cbETH/ETH feed by the ETH/USD price, the system used only the raw cbETH/ETH exchange rate. As a result, the oracle reported cbETH at around $1.12.

Trading bots began targeting cbETH collateral positions, and because the system believed cbETH was worth just over $1, liquidators were able to repay roughly $1 of debt to seize a total of 1,096.317 cbETH, the company said.

“This wiped out most or all of the cbETH collateral for many borrowers, while leaving substantial bad debt on their positions since the repaid amount was far below the actual borrowed value,” Anthias Labs wrote.

The distorted pricing also enabled exploitation.

“A smaller number of users exploited the distorted pricing to supply minimal collateral, massively over-borrow cbETH at the artificially low reported price, and instantly generate additional bad debt denominated in cbETH,” the firm added.

While the misconfigured Oracle took much of the blame, users on X began circulating images of the MIP-X43 as being co-authored by Claude Opus 4.6, with some calling it a “vibe coding” error.

When asked by Decrypt about the error and resulting exploit, Moonwell spokesperson declined to comment.

Overall, Moonwell was left with $1,779,044 in total bad debt across various markets, according to the post.

According to Moonwell, a forthcoming governance vote will address the oracle configuration following the required timelock period.

Moonwell is the latest in a growing list of DeFi projects exploited due to misconfigured oracles. In December, Ribbon Finance lost about $2.7 million after a decimal mismatch in an oracle upgrade distorted asset pricing and enabled over-collateralization.

In January, DeFi platform Makina Finance was exploited via flash-loan-driven oracle manipulation, allowing an attacker to extract roughly $4 million in ETH.