Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
According to CertiK’s monitoring, the Moonwell lending contract suffered multiple attack transactions. The attacker exploited an incorrect oracle price for wrst (around USD 5.8 million). By using a flash loan of only about 0.02 wrstETH and depositing it, the attacker repeatedly borrowed over 20 wstETH, gaining 295 ETH (approximately USD 1 million) in profit. Attack method (per SlowMist): Oracle Attack. Reported loss: $ 1,000,000.
- chain
- —
- protocol
- Moonwell
- bug_class
- oracle
- date_occurred
- 2025-11-04
- loss_usd
- $1,000,000
- source_id
- sm:moonwell::2025-11-04