{"id":94395,"date":"2026-02-18T10:34:03","date_gmt":"2026-02-18T07:34:03","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=94395"},"modified":"2026-02-19T10:40:29","modified_gmt":"2026-02-19T07:40:29","slug":"vibe-coding-via-claude-opus-leads-to-moonwell-defi-project-breach","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/vibe-coding-via-claude-opus-leads-to-moonwell-defi-project-breach\/","title":{"rendered":"Vibe Coding via Claude Opus Leads to Moonwell DeFi Project Breach"},"content":{"rendered":"

The lending protocol Moonwell lost<\/a> $1.78 million due to an oracle configuration error. Smart contract auditor Pashov linked the incident to vibe coding<\/span> through Claude Opus 4.6.<\/p>\n

The failure occurred on February 15 following the activation of the Moonwell DAO<\/a> proposal \u2014 MIP-X43. It allowed contracts using Chainlink<\/a> OEV on the Base<\/a> and Optimism<\/a> markets.<\/p>\n

Technical Error<\/h2>\n

One of the oracles was incorrectly configured. It inaccurately determined the dollar price of Coinbase Wrapped ETH.<\/p>\n

Instead of multiplying the cbETH\/ETH rate by the ETH\/USD price, the system only transmitted the token ratio. As a result, the oracle showed a cbETH price of about $1.12 instead of ~$2200.<\/p>\n

Consequences for Users<\/h2>\n

Abnormally low quotes triggered a wave of liquidations. Trading bots attacked positions collateralized in cbETH. They repaid approximately $1 of debt and received 1096.317 cbETH in return.<\/p>\n

This wiped out most or all of the cbETH collateral for many borrowers, leaving a significant debt on their positions. Simultaneously, some users provided minimal collateral to borrow cbETH at the reduced price.<\/p>\n

\n

\u201cAs soon as the problem was discovered, our risk manager @anthiasxyz promptly reduced the cbETH borrowing limit to 0.01 to limit further risks to the protocol,\u201d Moonwell representatives wrote.<\/p>\n<\/blockquote>\n

Is Vibe Coding to Blame?<\/h2>\n

Smart contract auditor Pashov noted that commits<\/span> for Moonwell were co-authored with Claude Opus 4.6.<\/p>\n

\n

\ud83d\udea8Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss<\/p>\n

cbETH asset’s price was set to $1.12 instead of ~$2,200. The PRs of the project show commits were co-authored by Claude \u2014 Is this the first hack of vibe-coded Solidity code? pic.twitter.com\/4p78ZZvd67<\/a><\/p>\n

\u2014 pashov (@pashov) February 17, 2026<\/a><\/p><\/blockquote>\n