The decentralized lending protocol Moonwell fell victim to a significant hack on November 4, 2025, resulting in approximately $1 million in losses due to a flaw in Chainlink's oracle price feeds. According to blockchain security firm CertiK, the attack exploited a vulnerability in an off-chain oracle feed for the rsETH/ETH pair, which incorrectly reported the price of wrstETH—a restaked version of stETH on Lido—at over $5.8 million per token, while Ethereum (ETH) was trading below $3,500.
The attacker, likely an MEV bot, used a flashloan attack on Moonwell's smart contracts deployed on Base and Optimism layer-2 networks. By depositing just 0.02 wrstETH, valued at over $116,000 due to the faulty oracle, the attacker borrowed 20 wstETH, draining the protocol's reserves. This process was repeated across multiple transactions, ultimately siphoning 295 ETH (around $1 million) before the flaw was detected.
This incident is not isolated; Moonwell has faced previous exploits, including a $320,000 loss in December 2024 and over $1.7 million lost in October 2024. Despite the hack, the lending logic remains sound, but reliance on external oracles like Chainlink has exposed weaknesses. Moonwell's total value locked (TVL) has declined from a peak of nearly $400 million to about $234 million as of November 4, and its native token, WELL, crashed to all-time lows, with losses exceeding 96% from its highs.
SOL
BTC
ETH