Moonwell Lending Contract Exploited via Oracle Price Error, $1M Stolen

Security firm BlockSec warns of an rsETH/ETH price oracle flaw impacting Moonwell’s Base and Optimism contracts, with MEV bots suspected in the $1M exploit.

ETH

RSETH

168d ago

Summary

BlockSec Phalcon detected suspicious activity targeting MoonwellDeFi lending contracts deployed on the Base and Optimism networks. The attack exploited a vulnerability in the rsETH/ETH price oracle, likely leveraged by MEV bots, causing losses over $1 million. This marks another instance of DeFi risk from mispriced oracle data affecting lending operations.

Terms & Concepts

Oracle: A service that provides blockchain applications with external data, such as asset prices, enabling smart contracts to react to real-world events.
MEV bot: A program designed to maximize extractable value from blockchain transactions by reordering, inserting, or censoring them within blocks.
rsETH: A token representing staked Ethereum in the liquid staking protocol, used within DeFi lending and trading operations.