Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
According to The Block, DeFi lending protocol Moonwell is facing a governance attack on its Moonriver deployment, where an unknown attacker spent approximately $1,800 to acquire 40 million MFAM tokens and managed to buy, propose, and pass a initial vote within just 11 minutes. The attacker is seeking to transfer administrative control of seven lending markets, the comptroller, and the oracle to a malicious contract, which would enable the extraction of roughly $1.08 million in user funds. Although the proposal reached a quorum early on, "No" votes have since taken the lead, and while the voting is set to continue until March 27, the final outcome remains dependent on the remaining votes and community coordination. Attack method (per SlowMist): Governance Attack. Reported loss: 0.
- chain
- —
- protocol
- Moonwell
- bug_class
- oracle
- date_occurred
- 2026-03-26
- loss_usd
- —
- source_id
- sm:moonwell::2026-03-26