An AI Wrote the Code That Just Drained $1.8 Million From a DeFi Protocol
A pricing glitch that lasted only minutes just left DeFi lender Moonwell with $1.8 million in bad debt. And here's the part that should make every crypto investor pay attention: the faulty code was co-authored by Claude Opus 4.6, an AI coding assistant.
We've officially entered the era of AI-generated exploits.
WHAT HAPPENED
On Tuesday, a governance proposal on Moonwell updated Chainlink oracle configurations across its Base and Optimism markets. Oracles are the tools that feed real-world price data to smart contracts. They're the backbone of every lending protocol. Get them wrong, and everything falls apart.
That's exactly what happened.
The update caused Moonwell to value Coinbase Wrapped ETH (cbETH) at roughly $1.12 instead of its actual price around $2,200. The system calculated cbETH's relationship to ETH (about 1.12) but completely forgot to multiply by ETH's dollar price. It's the kind of mistake that sounds almost too simple to believe.
But simple mistakes in DeFi don't stay small for long.
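To make the missing step concrete, here is an added example (not Moonwell's code and not taken from the governance proposal): a pre-execution check that composes a proposed oracle configuration into a dollar price, verifies the feeds actually chain to USD, and compares the result with the price currently live. The `Feed` class, the `review_update` function, the 20% bound and all feed values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Feed:
    pair: str      # "BASE/QUOTE", e.g. "cbETH/ETH"
    answer: int    # raw integer answer as an oracle would report it
    decimals: int  # scale of the raw answer

    def value(self) -> Decimal:
        return Decimal(self.answer) / Decimal(10) ** self.decimals

# Constructed sample answers (assumed values, not real feed data).
CBETH_ETH = Feed("cbETH/ETH", 1_120_000_000_000_000_000, 18)  # 1.12 ETH per cbETH
ETH_USD = Feed("ETH/USD", 196_400_000_000, 8)                 # 1964.00 USD per ETH
LIVE_CBETH_USD = Decimal("2200")  # price the market uses before the update

def compose(feeds):
    """Multiply feeds in order: cbETH/ETH * ETH/USD -> cbETH/USD."""
    price = Decimal(1)
    for feed in feeds:
        price *= feed.value()
    return price

def review_update(asset, feeds, live_usd_price, max_move=Decimal("0.20")):
    """Return (proposed_price, problems) for a proposed oracle configuration."""
    problems = []
    expected = asset
    for feed in feeds:
        base, quote = feed.pair.split("/")
        if base != expected:
            problems.append(f"{feed.pair} does not continue from {expected}")
        expected = quote
    # The configuration must end in dollars, not in another asset.
    if expected != "USD":
        problems.append(f"chain ends in {expected}, not USD")
    price = compose(feeds)
    # A correct reconfiguration should barely move the reported price.
    move = abs(price - live_usd_price) / live_usd_price
    if move > max_move:
        problems.append(f"price moves {move:.1%} from live value")
    return price, problems

if __name__ == "__main__":
    print(review_update("cbETH", [CBETH_ETH], LIVE_CBETH_USD))           # ratio only
    print(review_update("cbETH", [CBETH_ETH, ETH_USD], LIVE_CBETH_USD))  # full chain
```

Run against a fork or simulation of the proposal before the vote executes, a check like this flags the ratio-only configuration on two independent grounds: the unit is wrong and the price collapses.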
HOW BOTS ATE $2.4 MILLION IN MINUTES
Liquidation bots are always watching. They're programmed to pounce when collateral falls below required thresholds, repaying debt and seizing assets at a discount. When cbETH suddenly appeared to be worth a dollar instead of $2,200, every single cbETH position on Moonwell looked massively undercollateralized.
The bots didn't hesitate. They repaid roughly $1 worth of debt to seize one whole cbETH token worth over $2,000. According to risk manager Anthias Labs, 1,096 cbETH tokens ($2.44 million) were seized in minutes.
Some opportunistic users also jumped in from the other side. They deposited tiny amounts of collateral and borrowed cbETH at the artificially low valuation, piling on more losses.
Moonwell slashed supply and borrow caps quickly to stop the bleeding. But here's the catch: fixing the actual oracle required a governance vote with a five-day timelock. You can't just flip a switch when your protocol runs on decentralized governance.
THE AI ANGLE NOBODY CAN IGNORE
Security auditor Krum Pashov flagged something that changes the entire conversation around this exploit. GitHub commits tied to the governance proposal were co-authored by Claude Opus 4.6, Anthropic's AI coding assistant.
His post on X asked a pointed question: "Is this the first hack of vibe-coded Solidity code?"
I think that framing matters more than people realize. We're not talking about some theoretical risk anymore. AI coding tools are writing production smart contract code that handles real money. And when that code has a bug, the consequences aren't a broken webpage or a slow app. It's millions of dollars gone in minutes.
The term "vibe coding" started as a joke about letting AI generate code while you barely review it. But the joke stops being funny when it's writing oracle logic for a lending protocol.
To be fair, we don't know exactly how much of the faulty logic came from the AI versus human developers. Co-authored commits could mean anything from "the AI wrote 90% of it" to "the AI suggested a few lines." But the fact that this question even needs to be asked should worry anyone building in DeFi.
THE BIGGER PICTURE: DEFI'S ORACLE PROBLEM ISN'T NEW
Oracle failures aren't some rare occurrence. They're one of the oldest and most consistent attack vectors in decentralized finance. Mango Markets lost $114 million to oracle manipulation in 2022. Cream Finance got drained for $130 million. The list goes on.
What makes this incident different is the cause. This wasn't a malicious actor gaming a price feed. It wasn't a flash loan attack designed to manipulate a thin market. It was a simple configuration error in a governance update. An error that went through review, was approved by voters, and still made it to production.
And now we know AI tools are contributing to that pipeline.
MARKET CONTEXT: WHY THIS MATTERS RIGHT NOW
This isn't happening in a vacuum. Bitcoin is sitting around $67,000 this morning, trapped in a tight $65,100 to $72,000 range since the Feb. 5 selloff. The Fear and Greed Index reads 51. Neutral. The market can't decide what it wants to do.
Meanwhile, smart money is making moves. Peter Thiel's Founders Fund just dumped every single share of ETHZilla, the Ethereum treasury firm modeled after Strategy (formerly MicroStrategy). They went from a 7.5% stake to zero. ETHZilla itself panic-sold $114 million in ETH between October and December.
When billion-dollar funds are bailing on Ethereum, and the smart contracts running on Ethereum can't even price their own assets correctly, you've got a trust problem that goes beyond just one protocol.
The DAO from 2016, the original Ethereum crisis, is also back in the news today. Its untouched funds are being converted into a $150 million security endowment for the Ethereum ecosystem. Ten years later, and we're still building security infrastructure for the same types of failures.
WHAT THIS MEANS FOR YOU
If you're using DeFi lending protocols, this is your reminder that oracles are a single point of failure. It doesn't matter how audited the smart contract logic is. If the price feed breaks, the protocol does what it's programmed to do. And that program doesn't care if the data is wrong.
A few things to watch:
Your collateral ratios matter more than you think. If you're running close to liquidation thresholds, an oracle glitch like this won't give you time to react. Bots move in seconds.
Governance timelocks are a double-edged sword. They prevent rash decisions, but they also mean real emergencies can't be fixed quickly. Moonwell couldn't patch the oracle for five days.
AI-generated code in crypto needs more scrutiny, not less. We're at the stage where AI tools are productive enough to ship code but not reliable enough to trust without deep human review. The gap between those two things is where the money disappears.
Honestly, I think the industry hasn't reckoned with how fast AI is changing the security landscape. The same tools that make development faster also make bugs faster. And in DeFi, faster bugs mean faster losses.
THE BOTTOM LINE
A simple multiplication error. That's what this comes down to. cbETH's exchange rate times ETH's dollar price. Someone, or something, forgot the second part of that equation. Bots did the rest.
The $1.8 million in bad debt is relatively small by DeFi exploit standards. But the precedent it sets isn't small at all. If AI-assisted code can ship an oracle bug to a live protocol, and governance processes can't catch it, and timelocks prevent rapid fixes, then the entire DeFi development pipeline needs to be rethought.
We're building financial infrastructure with tools we don't fully control. That should keep you up at night.