DeFi-Lender Moonwell erleidet 1 Million Dollar Verlust durch Chainlink-Datenfehler

Ein kritischer Datenfehler bei Chainlink hat zu einem massiven Sicherheitsvorfall beim DeFi-Protokoll Moonwell geführt.

Die Lücke im Oracle-System ermöglichte Angreifern, fälschliche Preisdaten auszunutzen und so Vermögenswerte im Wert von über 1 Million Dollar zu entwenden.

Chainlink-Oracle als Einfallstor

Die Schwachstelle im dezentralen Oracle-Netzwerk erlaubte es Hackern, manipulierte Preisfeed-Daten in das Moonwell-Protokoll einzuspeisen. Diese Sicherheitslücke wurde genutzt, um Kredite auf Basis falscher Collateral-Werte aufzunehmen - ein klassischer Fall von Oracle-Manipulation, der zeigt, dass auch die vermeintlich sichersten Infrastrukturen angreifbar bleiben.

DeFi-Risiken bleiben real

Trotz der 1 Million Dollar Verlust demonstriert der Vorfall die Widerstandsfähigkeit der DeFi-Ökonomie. Während traditionelle Finanzinstitute bei solchen Summen bereits Insolvenz anmelden würden, operiert Moonwell weiter - eine Erinnerung daran, dass in der digitalen Finanzwelt selbst Fehler Wachstumschancen darstellen können.

Moonwell marks fourth significant exploit

Moonwell is a relatively old DeFi protocol, spread across multiple chains. As of November 2025, the protocol held $213M in its lending vaults. Moonwell uses Base, Optimism, Moonbeam, and Moonriver networks. 

The protocol has seen previous attacks, with four exploits in the past three years. Moonwell is a fork of Compound V2, inheriting some of the protocol’s problems. 

Previously, Moonwell suffered a bad loan incident on October 10, losing $1.7M. In December 2024, the protocol saw another flash loan exploit for $320K. In 2022, Moonwell suffered losses due to a bridge exploit, which affected the protocol. 

WELL token crashes after exploit

Moonwell’s native WELL token crashed after the news of the exploit. WELL lost over 15% to $0.011. As with other hacks, the losses from broken reputation and token crashes are even bigger than the exploit itself. 

The exploit brought a loss of reputation for Moonwell, causing a bank run on its stablecoin vaults. Users withdrew their USDC, causing effective APY to spike as high as 168%. The run from Moonwell vaults follows withdrawals from Balancer on Monday. 

Moonwell’s team did not comment on the hack for hours after the incident. The current exploit is seen as similar to the one on October 10, which means the protocol did not implement a fix. On-chain data shows a similar attack may have happened, taking 269 ETH through flawed pricing, but neither the team nor researchers noticed the withdrawals at that time. 

Moonwell claims to have undergone multiple security audits, but this did not prevent the additional hack. Despite the lower level of attacks against Web3 protocols, the recent events show the Ethereum ecosystem may hold risks when tasked with securing more value and bigger trades.

Get up to $30,050 in trading rewards when you join Bybit today