The incorrectly configured oracle of the DeFi lending platform Moonwell caused the price of Coinbase Wrapped ETH (cbETH) to be set at around $1 instead of the actual market price of about $2,200, triggering a chain liquidation that left the protocol with a bad debt of $1.78 million.
What happened: The Oracle bug triggered liquidation of the price of the oracle.
This error occurred on February 15 at 6:01 PM UTC. At that time, the governance proposal MIP-X43 of the Moonwell DAO was executed, activating the Chainlink OEV wrapper contract in the Base and Optimism global markets.
Risk management firm Anthias Labs reported in a forum post on Monday that one of the oracle configurations was incorrect. Originally, the ETH/USD price needed to be multiplied by the cbETH/Ethereum (ETH) price feed, but the system only used the cbETH/ETH raw exchange rate, reporting cbETH at approximately $1.12.
Trading bots immediately targeted the cbETH collateral positions.
Since the system valued cbETH at just over $1, liquidators were able to seize a total of 1,096.317 cbETH by repaying only about $1 in debt.
"As a result, most or all of the cbETH collateral of many borrowers has been burned, while the amount repaid is far below the actual borrowing value, leaving significant bad debt in the positions," wrote Anthias Labs.
A few users exploited the distorted prices to supply minimal collateral, excessively borrowing cbETH at artificially low prices, leading to additional bad debt. Munwell stated that the risk manager quickly reduced the cbETH borrowing and supply limit to 0.01 to mitigate further damage.
Reference article: What Keeps Ethereum Trapped Below $2,000?
Why it matters: Growing vulnerabilities in DeFi oracles
This incident added another case of a DeFi project suffering losses due to oracle configuration errors. In December, Ribbon Finance experienced a distortion in asset prices due to a decimal place mismatch during an oracle upgrade process, resulting in a loss of approximately $2.7 million. In January, Makina Finance was attacked by an oracle manipulation exploit based on flash loans, leading the attacker to steal approximately $4 million worth of ETH.
Munwell ended up with a total bad debt of $1,779,044 across various markets.
The upcoming governance vote will address the oracle configuration issues after the mandatory timelock period.
X(Some Twitter) some users pointed out that MIP-X43 was a co-authoring proposal for Claude Opus 4.6, criticizing the incident as a 'vibe coding' type mistake.
Next read: Bitcoin Accumulation Hits Record 372K BTC โ Is A Bounce Coming?