Commissioned, Curated and Published by Russ. Researched and written with AI.
What’s New
Quieter day – nothing today that materially shifts the thesis.
Changelog
| Date | Summary |
|---|---|
| 26 Mar 2026 | Initial publication. |
At 6:01 PM UTC on February 15, Moonwell’s governance proposal MIP-X43 executed on-chain. Its purpose was routine – enabling Chainlink OEV wrapper contracts across Moonwell’s core markets on Base and Optimism, a standard infrastructure upgrade. One oracle configuration was wrong.
cbETH is a liquid staking token. One cbETH buys you roughly 1.12 ETH, the extra reflecting accumulated staking rewards. To price it in dollars, you multiply that ratio by the ETH/USD price. The deployed oracle skipped the second number entirely, treating the cbETH/ETH ratio – 1.12 – as a dollar value. An asset trading at $2,200 was suddenly reported at $1.12. A 99.9% discount, live on-chain, open to anyone watching.
Liquidation bots were watching. They always are.
Four Minutes
Within the same block, automated liquidators began targeting every cbETH-backed position on the protocol. The math was trivial: repay a dollar of debt, seize cbETH collateral worth $2,200 in the real world. Repeat.
Anthias Labs detected the discrepancy and cut the borrow cap to 0.01. That took four minutes.
By then, 1,096.317 cbETH had already been seized. Borrowers’ collateral was wiped, leaving residual debt they still owed. A separate group moved in the opposite direction – depositing minimal collateral, borrowing cbETH at the artificial price, and walking away with the spread.
Total damage across eleven assets: $1,779,044.83. The cbETH line alone was $1,033,393. The rest – WETH, USDC, EURC, cbBTC and others – reflects the blast radius as borrowers with mixed portfolios had all their collateral dragged underwater when cbETH’s reported value collapsed.
Correcting the oracle itself required a five-day governance voting and timelock period that could not be bypassed. The bots had finished their work long before that clock started.
The Commit
This is where the February 15 incident diverges from the standard DeFi postmortem.
Pull Request #578 landed in Moonwell’s GitHub to activate Chainlink OEV wrappers. Contributor anajuliabit submitted it across four changed files. GitHub’s Copilot reviewed all four and generated four comments. The proposal passed with 99.1% of governance votes in favour.
The commit message contained one line: “Co-Authored-By: Claude Opus 4.6.”
Claude’s documented contributions were careful work – fixing int256 validation, adding a try/catch on chainlinkOracle() to avoid redeploying when two configs share the same oracle, removing an unused ProxyAdmin import, and swapping in assertTrue(answer > 0) to properly catch negative oracle prices. Exactly the kind of defensive programming you’d want on a production deployment.
What neither Claude nor Copilot flagged: the cbETH price feed was pulling only the cbETH/ETH exchange rate and treating it as a dollar value. The ETH/USD multiplication – the one step that turns a ratio into a real price – was absent. Nor did the human reviewers flag it. Nor did the 99.1% of governance voters who approved it.
Mikko Ohtamaa ran his own experiment after the incident, feeding the same PR directly to Claude with a precise prompt asking it to identify the incorrect oracle configuration. His conclusion is worth quoting in full: “Regardless of whether the code is written by an AI or by a human, these kinds of errors are caught in an automated integration test suite… In this case, tests existed, but there was no test case for price sanity, not in the tests, not in the production itself.” He added that a human deployer should also be performing manual checks as part of the DAO process, and that none of that happened here either.
That’s the accurate framing. The AI made the error. The humans ratified it. But the root cause – missing price sanity tests – predates AI involvement in any codebase.
Patrick Collins of Cyfrin put the AI-specific risk more directly: “AI is really good at convincing you that your code is good. Remember, AI is like a really smart fast-working recently graduated post-grad, and is actually still kind of an idiot. And will lose you millions of dollars.”
That tension is real. A human engineer staring at a cbETH oracle outputting $1.12 might register something – a number that doesn’t match what they’d seen on Coinbase that morning. AI produces a plausible, well-formatted answer and moves on. There is no flicker of wrongness. Code that reads as correct is not the same as code that is correct.
Security researcher Pashov, who surfaced the Claude co-authorship publicly, offered the honest summary: “Of course, human behind AI decides and reviews the code, possibly a security auditor as well. Sad to see another exploit, but makes you wonder a bit about vibe-coding.”
The Third Time
The February 15 incident was not Moonwell’s first oracle failure.
October 10, 2025: Oracle feeds mispriced three volatile tokens. An attacker used flash loans to drain positions at 85-88% LTV. Bad debt: $1.7M. The governance community voted to cover it from protocol reserves.
November 4, 2025: The wrsETH oracle fed an absurd value – 1 wrsETH = 1,649,934 ETH – after the Balancer exploit destabilized rsETH liquidity the day before. The same attacker returned. Bad debt: $3.7M.
February 15, 2026: cbETH oracle missing one multiplication. AI-assisted code. Bad debt: $1.78M.
Three incidents in just over four months. Roughly $7.8M in accumulated bad debt. The same class of error twice – a price feed reporting a value that should have failed any basic sanity check – each time involving the missing ETH/USD multiplier, across two different liquid staking tokens.
Crypto analyst yieldsandmore compiled the ledger and delivered a four-word verdict: “Do. Not. Use. It.”
The October precedent – governance voting to cover bad debt from protocol reserves – is now what users in the February forum threads are pointing to. The same playbook ran. The same question is back on the table.
The Actual Fix
The vibe coding debate is worth separating into its layers.
Claude Opus 4.6 co-authored the commit. Copilot reviewed it. Neither caught the missing multiplication. That is a legitimate data point about the limits of AI code review in high-stakes deployments. The AI made plausible, well-formatted contributions and missed the one thing that mattered.
But Mikko Ohtamaa is right that the structural failure is simpler. A price sanity check – a floor assertion that a reported price of $1.12 for an asset trading at $2,200 should halt deployment immediately – would have caught this regardless of who wrote the code. Tests existed. The right test didn’t.
The five-day governance timelock deserves scrutiny too. When your fastest defence moves in minutes and your attackers move in milliseconds, a mandatory five-day window to fix an emergency is not a safeguard. It’s a liability.
If you are deploying oracle configurations – AI-assisted or otherwise – the minimum bar is a price sanity check that validates actual dollar output against a known reference before anything goes live. That is not a novel suggestion. It is just the one that keeps not getting implemented.
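The check described here, and the composition error described in the cbETH section above, as an added example that is not Moonwell's code or anything from PR #578. It contrasts a price function that returns the cbETH/ETH ratio as if it were a dollar value with one that applies the ETH/USD leg, then gates "deployment" on two sanity checks: the dollar output must sit within a tolerance of an independent reference price, and an LST/ETH exchange rate must fall inside a plausible band. The feed values are constructed to match the figures quoted in the article (ratio 1.12, cbETH around $2,200); the reference price, the 5% tolerance and the [0.9, 1.5] ratio band are assumptions a deployer would set for their own markets.

```python
"""Deployment-time price sanity checks for a composed LST oracle.

Added example, not Moonwell's code. Feed values are constructed to match the
article's figures; tolerances and bounds are assumptions.
"""
from dataclasses import dataclass
from decimal import Decimal, getcontext

getcontext().prec = 28

# Constructed feed snapshot (assumption, not live data).
CBETH_ETH_RATIO = Decimal("1.12")      # cbETH/ETH exchange-rate feed
ETH_USD = Decimal("1964.29")           # ETH/USD feed; 1.12 * 1964.29 ~= 2200
REFERENCE_CBETH_USD = Decimal("2200")  # independent off-chain reference quote


def _dec(x) -> Decimal:
    """Coerce ints, floats or strings to Decimal via str() to avoid float noise."""
    return x if isinstance(x, Decimal) else Decimal(str(x))


def cbeth_usd_broken(cbeth_eth_ratio, eth_usd) -> Decimal:
    """The misconfiguration the article describes: the cbETH/ETH ratio is
    returned as though it were already a dollar price; ETH/USD is never applied."""
    del eth_usd  # deliberately ignored to reproduce the bug
    return _dec(cbeth_eth_ratio)


def cbeth_usd_correct(cbeth_eth_ratio, eth_usd) -> Decimal:
    """Composed price: (ETH per cbETH) * (USD per ETH) = USD per cbETH."""
    return _dec(cbeth_eth_ratio) * _dec(eth_usd)


@dataclass(frozen=True)
class CheckResult:
    ok: bool
    reason: str


def check_usd_deviation(reported_usd, reference_usd,
                        max_deviation=Decimal("0.05")) -> CheckResult:
    """Fail unless the oracle's dollar output is within max_deviation of an
    independent reference. The 5% default is an assumed tolerance."""
    reported, reference = _dec(reported_usd), _dec(reference_usd)
    if reported <= 0:
        return CheckResult(False, f"non-positive price {reported}")
    deviation = abs(reported - reference) / reference
    if deviation > _dec(max_deviation):
        return CheckResult(
            False,
            f"reported ${reported} deviates {deviation:.2%} from reference ${reference}",
        )
    return CheckResult(True, f"within {_dec(max_deviation):.0%} of reference")


def check_lst_ratio(ratio, lower=Decimal("0.9"), upper=Decimal("1.5")) -> CheckResult:
    """An LST/ETH exchange rate drifts slowly around 1. A value far outside an
    assumed [0.9, 1.5] band (such as the 1,649,934 ETH wrsETH reading the
    article cites) is a feed failure, not a market price."""
    r, lo, hi = _dec(ratio), _dec(lower), _dec(upper)
    if not (lo <= r <= hi):
        return CheckResult(False, f"ratio {r} outside [{lo}, {hi}]")
    return CheckResult(True, "ratio plausible")


def gate_deployment(cbeth_eth_ratio, eth_usd, reference_usd, price_fn) -> CheckResult:
    """Run both checks and return the first failure, as a deploy script would
    before broadcasting an oracle configuration."""
    ratio_result = check_lst_ratio(cbeth_eth_ratio)
    if not ratio_result.ok:
        return ratio_result
    return check_usd_deviation(price_fn(cbeth_eth_ratio, eth_usd), reference_usd)


if __name__ == "__main__":
    for name, fn in (("broken", cbeth_usd_broken), ("correct", cbeth_usd_correct)):
        res = gate_deployment(CBETH_ETH_RATIO, ETH_USD, REFERENCE_CBETH_USD, fn)
        print(f"{name}: {'PASS' if res.ok else 'HALT'} - {res.reason}")
    print("wrsETH-style feed:", check_lst_ratio(1649934))
```

Run as a script, the broken configuration halts with a deviation of roughly 99.95% from the reference while the correct one passes, and the ratio check alone rejects the wrsETH-style reading. The reference price is the part that matters: it has to come from somewhere other than the feed being validated, or the check only confirms the oracle agrees with itself.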
DeFi promised to replace trusted intermediaries with trustless code. Trustless code still has to be right. Right now, nobody in the pipeline – not the AI, not the human reviewer, not Copilot, not the DAO – is reliably catching what is wrong.
That is the problem worth fixing. Not who wrote the code.
Sources: Rekt News, Moonwell Governance Forum MIP-X43, Decrypt