
Vibe Coding Just Cost Moonwell $1.78 Million. Here’s What Every Protocol Needs to Learn.


TL;DR

On February 15, 2026, DeFi lending protocol Moonwell lost $1.78 million after an oracle misconfiguration priced cbETH at $1.12 instead of its actual value of ~$2,200. The code was co-authored by Claude Opus 4.6. It’s being called the first major exploit of “vibe-coded” Solidity — and it won’t be the last.


On February 15, a governance proposal went live on Moonwell. It was supposed to be routine: update Chainlink oracle configurations across Base and Optimism markets. Instead, it introduced a pricing error so fundamental that liquidation bots drained 1,096 cbETH before anyone could react.

The oracle used only the raw cbETH/ETH exchange rate — approximately 1.12 — without multiplying it by the ETH/USD price. The result: Moonwell’s system believed that an asset worth $2,200 was worth $1.12.

Every cbETH-backed position was instantly underwater. Liquidators repaid roughly $1 of debt to seize entire collateral positions. By the time monitoring systems caught the discrepancy and set borrow caps to zero, $1.78 million in bad debt had already been generated.

The fix required a five-day governance vote and timelock period. There was no emergency override.
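To make the mechanics concrete, here is an added Python example (not Moonwell's code, and not from the post's author) that reproduces the two oracle derivations side by side and runs a constructed 1 cbETH position through a simplified Compound-style liquidation. The feed shapes follow Chainlink's answer/decimals convention, but the decimals values, the ETH/USD level, the collateral factor, close factor and liquidation incentive are all assumptions chosen so that the numbers line up with the figures in the post (rate ~1.12, cbETH ~$2,200).

```python
from fractions import Fraction

# Constructed sample feeds in the Chainlink answer/decimals shape. The decimals
# (18 for an ETH-denominated exchange-rate feed, 8 for a USD feed) and the
# ETH/USD level are assumptions chosen so the numbers match the post
# (rate ~1.12, cbETH ~$2,200); they are not Moonwell's actual configuration.
CBETH_ETH_RATE_FEED = {"answer": 1_120_000_000_000_000_000, "decimals": 18}  # 1.12 ETH per cbETH
ETH_USD_FEED = {"answer": 196_430_000_000, "decimals": 8}                    # 1964.30 USD per ETH


def feed_value(feed: dict) -> Fraction:
    """Scale a raw integer feed answer by its decimals (exact arithmetic)."""
    return Fraction(feed["answer"], 10 ** feed["decimals"])


def composite_usd_price(rate_feed: dict, base_usd_feed: dict) -> Fraction:
    """Correct derivation for an ETH-denominated asset: (asset/ETH) * (ETH/USD)."""
    return feed_value(rate_feed) * feed_value(base_usd_feed)


def misconfigured_usd_price(rate_feed: dict) -> Fraction:
    """The failure mode in the post: the raw exchange rate is consumed as if it
    were already a USD price, so the ETH/USD leg is silently dropped."""
    return feed_value(rate_feed)


def health_factor(collateral_amount: Fraction, collateral_price_usd: Fraction,
                  collateral_factor: Fraction, debt_usd: Fraction) -> Fraction:
    """Borrow capacity divided by debt; below 1 the position is liquidatable."""
    return collateral_amount * collateral_price_usd * collateral_factor / debt_usd


def liquidation_outcome(collateral_amount: Fraction, oracle_price_usd: Fraction,
                        debt_usd: Fraction, collateral_factor: Fraction,
                        close_factor: Fraction, liquidation_incentive: Fraction):
    """Simplified Compound-style liquidation (an assumed model, not Moonwell's code):
    a liquidator may repay up to close_factor * debt and seizes collateral worth
    repay * incentive, valued at the oracle price. Seizure is capped by the
    collateral the borrower actually holds."""
    if health_factor(collateral_amount, oracle_price_usd, collateral_factor, debt_usd) >= 1:
        return None  # healthy position, nothing to liquidate
    max_repay_by_close_factor = debt_usd * close_factor
    max_repay_by_collateral = collateral_amount * oracle_price_usd / liquidation_incentive
    repay = min(max_repay_by_close_factor, max_repay_by_collateral)
    seized = repay * liquidation_incentive / oracle_price_usd
    wiped_out = seized >= collateral_amount
    # Once the collateral is gone, whatever debt remains is bad debt for the protocol.
    bad_debt = debt_usd - repay if wiped_out else Fraction(0)
    return {"repaid_usd": repay, "seized_collateral": seized, "bad_debt_usd": bad_debt}


def sample_position_outcome(oracle_price_usd: Fraction):
    """Constructed position: 1 cbETH of collateral against $1,000 of debt, with
    assumed risk parameters (80% collateral factor, 50% close factor, 8% incentive)."""
    return liquidation_outcome(collateral_amount=Fraction(1), oracle_price_usd=oracle_price_usd,
                               debt_usd=Fraction(1000), collateral_factor=Fraction(4, 5),
                               close_factor=Fraction(1, 2), liquidation_incentive=Fraction(108, 100))


if __name__ == "__main__":
    correct = composite_usd_price(CBETH_ETH_RATE_FEED, ETH_USD_FEED)
    broken = misconfigured_usd_price(CBETH_ETH_RATE_FEED)
    print(f"correct cbETH/USD: {float(correct):.2f}   misconfigured: {float(broken):.2f}")
    for label, price in (("correct", correct), ("misconfigured", broken)):
        out = sample_position_outcome(price)
        print(label, "->", "safe" if out is None else {k: round(float(v), 4) for k, v in out.items()})
```

Under the correct derivation the position has a health factor of about 1.76 and cannot be touched. Under the misconfigured price the same position is valued at $1.12, so a liquidator repays about $1.04 of the $1,000 debt, seizes the entire cbETH, and leaves roughly $999 of bad debt on the protocol. A single assertion on `composite_usd_price` versus `misconfigured_usd_price` in an integration test is all it would have taken to surface the three-orders-of-magnitude gap.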

The AI in the Room

What elevated this from “another oracle bug” to industry-wide controversy was a detail in the GitHub commit history: the pull request was co-authored by Claude Opus 4.6, Anthropic’s advanced AI model.

Security auditor Pashov was the first to flag it publicly. The contributor’s GitHub profile showed over 1,000 commits in the past week — a pace that only makes sense with heavy AI assistance.

The irony was not lost on the community. Just days before the exploit, Anthropic had highlighted Claude Opus 4.6’s ability to identify over 500 vulnerabilities in external software projects during internal testing. The same model that could find vulnerabilities in other people’s code had introduced one into production.

This is what the industry is now calling “vibe coding” — a development workflow where programmers lean on AI to rapidly generate code from prompts, accepting outputs with minimal line-by-line verification. Speed over scrutiny. Iteration over inspection.

Why This Was Inevitable

Let’s be clear about something: this was not a sophisticated exploit. As SlowMist founder Cos put it, it was “a very basic mistake.” The oracle formula was wrong in a way that any competent integration test would have caught.

As trading strategist Mikko Ohtamaa pointed out, “regardless of whether the code is written by an AI or by a human, these kinds of errors are caught in an automated integration test suite.” He noted that Claude can even write these tests itself — but in this case, there was no test for price sanity.

That’s the real failure. Not that AI wrote the code. That no one verified it.

This pattern is going to accelerate. AI coding tools are getting better, faster, and more accessible. The barrier to deploying smart contracts is dropping. And the gap between “code that compiles” and “code that’s secure” is widening.

A study published just weeks before the Moonwell incident identified 69 vulnerabilities across 15 applications created using popular AI coding tools including Cursor, Claude Code, and others. The vulnerabilities are not edge cases. They are systematic.

Moonwell’s Deeper Problem

This wasn’t Moonwell’s first oracle failure. It was their third in six months:

  • October 2025: A pricing discrepancy between Chainlink feeds and DEXs on Base led to $12 million in liquidations and $1.7 million in bad debt.
  • November 2025: The $129 million Balancer hack cascaded into Moonwell’s wrsETH/ETH oracle, creating $3.7 million in bad debt.
  • February 2026: The cbETH oracle misconfiguration — $1.78 million in bad debt.

Total bad debt from oracle issues alone: over $7 million. And according to on-chain analysis, at least two of these incidents were exploited by the same attacker, who is “clearly constantly scanning Moonwell for extractable value.”

The pattern here is not about AI. It is about systemic failure in oracle validation. AI made it easier to introduce the specific error, but the absence of safeguards — automated testing, simulation, independent review — is what made it exploitable.

The Industry Response

The Moonwell exploit has catalyzed a broader reckoning. Algorand published a detailed warning to developers just days later, explicitly cautioning against vibe coding smart contracts to mainnet. Their core argument: smart contract vulnerabilities cause immediate, irreversible fund loss with no legal recovery path.

Fraser Edwards, CEO of cheqd, argued that the vibe coding discourse masks two distinct realities. There’s a difference between using AI as an accelerant within a rigorous development process and using AI as a replacement for that process entirely.

Pashov’s response was measured but telling. He said his firm wouldn’t fundamentally change its audit process, but if code appeared vibe-coded, his team would “have a bit more wide open eyes” and expect a higher density of low-hanging issues.

The community sentiment on X was less restrained. The dominant reaction was disbelief — not that AI can write buggy code (everyone knows it can), but that a protocol holding $90 million in TVL would ship AI-generated oracle logic without adequate testing.

What Actually Needs to Change

The debate about whether AI should write smart contracts is the wrong debate. AI will write smart contracts. It already does. The question is what the security layer looks like.

Here’s what actually prevents this:

1. Automated price sanity checks. Any oracle update that results in a price deviation of more than a configurable threshold should be flagged or blocked before deployment. This is not complex engineering. It’s table stakes.

2. Simulation before governance execution. Proposals that modify oracle configurations should be simulated against real market data in a staging environment before they ever hit mainnet. If Moonwell had run MIP-X43 through a fork simulation, the $1.12 price would have been caught immediately.

3. Independent security review for AI-generated code. Not because AI code is inherently worse — but because AI code is generated faster than humans can review it. The review process needs to match the development pace. Automated auditing tools, combined with human oversight on critical paths, bridge this gap.

4. Circuit breakers. The five-day governance timelock that prevented an emergency oracle fix is a governance design failure. Protocols need guardian mechanisms — independent security agents that can pause operations when anomalies are detected, without waiting for a governance vote.

5. Continuous monitoring. Point-in-time audits are necessary but insufficient. When oracle configurations change post-deployment, the security posture changes too. Real-time monitoring that catches pricing anomalies in seconds — not hours — is the difference between a near-miss and a $1.78 million loss.
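The following Python example is added here to show what points 1, 2, 4 and 5 look like as code; it is not Moonwell's tooling and not from the post's author. It implements a pre-execution gate that compares every asset's price under a proposed oracle configuration against the live price and blocks on deviation beyond a configurable threshold, a cheap stand-in for a fork simulation that totals the unbacked debt the proposed prices would create across open positions, and a post-deployment circuit breaker that reports a pause action on a single-observation price jump. The price levels (the cbETH numbers mirror the post), the positions, the 5% and 10% thresholds and the 80% collateral factor are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data: live on-chain prices and what the proposed oracle
# configuration would resolve to. The cbETH numbers mirror the post; the other
# assets, the positions and all thresholds are assumptions for illustration.
CURRENT_PRICES = {"cbETH": 2200.0, "WETH": 1964.3, "USDC": 1.0}
PROPOSED_PRICES = {"cbETH": 1.12, "WETH": 1964.3, "USDC": 1.0}

# Constructed open positions: (collateral asset, collateral amount, debt in USD)
POSITIONS = [("cbETH", 100.0, 120_000.0), ("cbETH", 1.0, 1_000.0), ("WETH", 10.0, 5_000.0)]


def relative_deviation(current: float, proposed: float) -> float:
    """Unsigned relative change from the live price to the proposed one."""
    return abs(proposed - current) / current


def evaluate_proposal(current: dict, proposed: dict, max_deviation: float = 0.05) -> dict:
    """Gate 1 (price sanity check): every asset's price under the proposed config is
    compared with the live price. Missing or non-positive prices are blocked outright;
    anything deviating more than max_deviation is blocked too."""
    verdicts = {}
    for asset, live in current.items():
        new = proposed.get(asset)
        if new is None or new <= 0:
            verdicts[asset] = ("blocked", None)
            continue
        dev = relative_deviation(live, new)
        verdicts[asset] = ("blocked" if dev > max_deviation else "ok", dev)
    return verdicts


def simulate_bad_debt(positions: list, prices: dict, collateral_factor: float = 0.8) -> float:
    """Gate 2 (simulation): a cheap stand-in for a fork simulation. Any position whose
    debt exceeds the value of its collateral at the proposed prices is unbacked, and
    that gap is the bad debt a liquidation wave would leave behind."""
    total = 0.0
    for asset, amount, debt in positions:
        value = amount * prices[asset]
        if value * collateral_factor < debt:      # would be liquidatable
            total += max(0.0, debt - value)       # unbacked even after seizing everything
    return total


def proposal_may_execute(current: dict, proposed: dict, positions: list,
                         max_deviation: float = 0.05) -> bool:
    """Both gates must pass before a config change is allowed to reach execution."""
    verdicts = evaluate_proposal(current, proposed, max_deviation)
    if any(v[0] == "blocked" for v in verdicts.values()):
        return False
    return simulate_bad_debt(positions, proposed) == 0.0


@dataclass
class CircuitBreaker:
    """Post-deployment guardian (points 4 and 5): trips on a single-observation jump
    beyond max_jump and reports the action to take without waiting for a vote."""
    max_jump: float = 0.10
    last_seen: dict = field(default_factory=dict)
    paused: set = field(default_factory=set)

    def observe(self, asset: str, price: float) -> str:
        prev = self.last_seen.get(asset)
        self.last_seen[asset] = price
        if prev is None:
            return "baseline"
        if relative_deviation(prev, price) > self.max_jump:
            self.paused.add(asset)
            return "pause_market"   # e.g. set the borrow cap to zero and pause the market
        return "ok"


if __name__ == "__main__":
    for asset, (verdict, dev) in evaluate_proposal(CURRENT_PRICES, PROPOSED_PRICES).items():
        print(f"{asset:6} {verdict:8} deviation={'n/a' if dev is None else f'{dev:.2%}'}")
    print("simulated bad debt:", round(simulate_bad_debt(POSITIONS, PROPOSED_PRICES), 2))
    print("may execute:", proposal_may_execute(CURRENT_PRICES, PROPOSED_PRICES, POSITIONS))
    breaker = CircuitBreaker()
    for price in (2200.0, 2190.0, 1.12):
        print("observe cbETH", price, "->", breaker.observe("cbETH", price))
```

The proposal is blocked twice over: the cbETH deviation is about 99.9% against a 5% threshold, and the simulation reports roughly $120,887 of unbacked debt across the constructed positions. The breaker shows the other half of the picture: if the bad config does ship, the first post-update observation trips it and the pause action is available immediately rather than after a five-day timelock.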

The Bigger Picture

January 2026 alone saw seven DeFi protocols suffer hacks, with total losses of approximately $86 million. Hackers are doubling the speed at which they launder stolen funds, using mixers and DeFi to obscure their tracks.

Meanwhile, the barrier to deploying vulnerable code has never been lower.

This is the convergence we warned about in our piece on the future of security as guardianship. The tools for building are accelerating faster than the tools for defending. AI doesn’t just write code — it writes code at a scale and speed that renders traditional review processes obsolete.

The protocols that survive will be the ones that treat security not as a one-time audit, but as continuous guardianship. Automated. Agentic. Always on.

The ones that don’t will keep feeding the same liquidation bots that drained Moonwell.


FailSafe provides end-to-end security for blockchain and AI systems — from smart contract audits and penetration testing to continuous monitoring and real-time threat detection. If you’re building with AI-generated code, talk to us before you ship.
