A failure in the Chainlink oracle led to an attack on Moonwell DeFi and a loss of $1 million
After the exploit, the price of the WELL token plummeted by 96%.
05.11.2025 - 13:15
394
2 min
0
The Moonwell DeFi decentralized lending platform was attacked due to an error in the oracle’s operation. The CertiK Alert analytical service reported this. The attack occurred on the Base and Optimism layers and was related to the manipulation of Chainlink oracle price data for the wstETH/ETH pair.
Источник: X.comHow the attack happened
The hacker used a flash loan, a type of unsecured loan often used in DeFi.
He took out a small loan — only 0,02 wstETH — and deposited it as collateral on the Moonwell platform. Due to an error, the oracle incorrectly valued the wstETH token, estimating its value at millions of dollars. The protocol decided that this was valuable collateral and allowed the attacker to take much more money than he had deposited.
The attack was repeated seven times in three hours. Each time, the attacker earned approximately 24,5–24,9 ETH.
All transactions were carried out in a single block, so the system did not have time to activate its liquidation mechanisms. As a result, the hacker made a profit of 292 ETH, which is approximately $1,01 million.
CertiK confirmed that the attack was caused by an error in the oracle’s pricing. This incident showed how risky the dependence of DeFi protocols on external infrastructure is. At the same time, the main Chainlink oracle network remained completely secure.
Token reaction to the exploit
After the news of the hack, the WELL token price plummeted to its lowest level in 2025. Its price fell more than 96% from its all-time high and is currently trading at $0,0108.
Experts, including BlockSec, note that such incidents are caused by systemic errors in the operation of oracles. Among the problems are outdated data update intervals and weak configuration of protection mechanisms. This shows how vulnerable the DeFi ecosystem is to such attacks.
Useful material?
Telegram 
Twitter Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Cryptocurrency rates
-
Bitcoin
$59 055
BTC
-1.59%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.04
XRP
-1.07%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.072291
DOGE
-2.93%
-
Zcash
$372.53
ZEC
-6.94%
-
Stellar XLM
$0.170967
XLM
-1.91%
-
Cardano
$0.142372
ADA
-2.12%
-
Polkadot
$3.32
DOT
+5.27%