Bitcoin 
Ethereum 
Tether 
BNB 
XRP 
USDC 
Solana 
TRON 
Lido Staked Ether 
Figure Heloc Moonwell Hit by $1M Exploit Linked to Chainlink Oracles, WELL Token Plunges
Timothy Young 
This week has been rough for DeFi. Just days after the $128 million Balancer exploit shook investor confidence, Moonwell one of the sector’s rising stars has been hit by a $1 million flash loan attack. The incident comes at a time when sentiment toward decentralized finance is already fragile, casting a longer shadow on what many hoped would be a recovery month for crypto.
Moonwell, a lending and borrowing platform running on Base and Optimism, confirmed that it suffered a loss tied to faulty oracle data supplied by Chainlink. The exploit didn’t reach catastrophic levels unlike the Balancer breach but it still managed to dent the credibility of a protocol that had been quietly gaining momentum. As of November 4, Moonwell’s assets under management sit around $234 million, down sharply from its $400 million peak earlier this year.
According to blockchain security firm CertiK, the attacker took advantage of a vulnerability in Chainlink’s rsETH/ETH oracle feed. A misreported price of wrstETH a restaked version of Lido’s stETH falsely showed each token as being worth over $5.8 million. This inflated valuation gave the attacker the upper hand. Using a flash loan, they deposited a mere 0.02 wrstETH, which Moonwell’s system mistakenly valued at $116,000 in collateral. From there, they were able to borrow 20 wstETH, draining roughly $1 million in assets across multiple small transactions before the exploit was flagged.
The attacker’s method was classic flash loan manipulation fast, automated, and precise. It leveraged the oracle’s temporary mispricing rather than directly breaching Moonwell’s smart contracts. This distinction is key. While the exploit exposed weak points in Moonwell’s reliance on external data feeds, it didn’t compromise its core lending logic. Still, investors and users aren’t taking comfort in technical nuances. WELL, Moonwell’s native token, fell to new 2025 lows after the attack, now down over 96% from its all-time high.
This isn’t Moonwell’s first run-in with smart contract trouble. The project previously lost $320,000 in a December 2024 exploit and another $1.7 million in October when its Base deployment was targeted during a broader market downturn. Each time, the team responded with patches and postmortems, but systemic trust is harder to rebuild than code.
In a brief statement, a Moonwell contributor acknowledged the exploit and said the team is “working with security partners to identify the root cause and prevent similar incidents in the future.” The focus now shifts to Chainlink’s oracle integrity and whether additional safeguards will be put in place to prevent mispricing events across interconnected protocols.
Despite the setback, some analysts see a silver lining. “The fact that this wasn’t a direct code exploit is somewhat reassuring,” one DeFi researcher commented. “It means the protocol itself is functional — but its dependencies need strengthening.” That subtle distinction could be what helps Moonwell recover faster than some of its DeFi peers.
For now, though, the timing couldn’t be worse. With investors already jittery and capital outflows accelerating across the ecosystem, even a relatively small exploit feels magnified. Moonwell’s latest incident serves as another reminder that in DeFi, innovation moves fast but vulnerabilities move faster. Whether the project can regain user trust may depend less on how it patches its code and more on how convincingly it rebuilds confidence in a market that’s running low on patience.
About the Author
Ryan Moore 
David Rich 
John Wood 