A serious security incident has occurred on the DeFi lending protocol Moonwell after the smart contract code was allegedly written with the involvement of AI model Claude Opus 4.6. According to smart contract auditor Pashov, the code generated by Claude Opus 4.6 contains a critical vulnerability, leading to an exploit that caused approximately $1.78 million in damages.
Specifically, the price of cbETH was set incorrectly at $1.12 instead of around $2,200, enabling attackers to manipulate the system. The project’s pull requests (PRs) show several commits co-authored by Claude, raising the possibility that this is the first hack related to Solidity code in a “vibe-coding” style supported by AI.
SlowMist founder Cos stated that the root cause stemmed from a low-level error in the oracle price feed formula.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Ledger Donjon Finds MediaTek Flaw Exposing Android Wallet Seeds
_Ledger Donjon exposed a MediaTek vulnerability that extracts Android wallet seed phrases in under 45 seconds, affecting millions of devices. CVE-2025-20435._
Ledger Donjon has uncovered a serious MediaTek vulnerability. It lets attackers pull wallet seed phrases from Android phones in seconds.
LiveBTCNews33m ago
Suspected hacker address responsible for CAKE and THE liquidation events, Venus incurs a $2.15 million shortfall
On March 15th, a suspected hacker address received 7,400 ETH from Tornado Cash, orchestrating liquidation events for CAKE and THE collateral that resulted in approximately $2.15 million in losses for Venus. The address manipulated THE price through complex operations, ultimately leading to the liquidation of its collateral on Venus, though substantial borrowed funds remain unpaid. Analysis suggests this event may have been a strategy employed to profit on a certain CEX.
GateNews3h ago
Venus Protocol Pauses THE Token Borrowing and Withdrawal Operations, Other Markets Operating Normally
Gate News reports that on March 15, Venus Protocol issued a security announcement stating that during the investigation of abnormal activity in the THE liquidity pool, preventive measures were taken to prevent further misuse, and all borrowing and withdrawal operations of THE tokens were immediately suspended. This measure will remain in effect until the investigation is concluded. Venus Protocol stated that other markets were unaffected and will continue to operate normally.
GateNews3h ago
Venus Protocol Allegedly Suffers Flash Loan Attack, THE Experiences Massive Liquidations
BNB Chain lending protocol Venus Protocol appears to have suffered a flash loan attack, resulting in massive liquidation of the token THE. The attacker has obtained approximately $3.6 million in assets, with liquidations ongoing. Currently, approximately 42 million THE tokens are awaiting liquidation.
GateNews5h ago
CCTV 315 Gala Exposes AI Large Model Data Poisoning Industry Chain, Pay to Manipulate AI Response Content
CCTV 315 Gala exposed the AI large model data "poisoning" industry chain, involving a business named GEO. Service providers charge fees to make client products stand out in AI models, spawning press release companies that become key links in data manipulation.
GateNews5h ago
Tether Freezes Approximately 11.96 Million USDT on Tron Chain Address
On March 15, Tether froze 11,960,680 USDT on a Tron chain address using the blacklist function of smart contracts. This action typically stems from law enforcement requests related to money laundering and fraud. Over the past several years, Tether has cumulatively frozen more than $4.2 billion in USDT.
GateNews5h ago
