A serious security incident has occurred on the DeFi lending protocol Moonwell after the smart contract code was allegedly written with the involvement of AI model Claude Opus 4.6. According to smart contract auditor Pashov, the code generated by Claude Opus 4.6 contains a critical vulnerability, leading to an exploit that caused approximately $1.78 million in damages.
Specifically, the price of cbETH was set incorrectly at $1.12 instead of around $2,200, enabling attackers to manipulate the system. The project’s pull requests (PRs) show several commits co-authored by Claude, raising the possibility that this is the first hack related to Solidity code in a “vibe-coding” style supported by AI.
SlowMist founder Cos stated that the root cause stemmed from a low-level error in the oracle price feed formula.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Canadian Cryptocurrency Business Owner, 33, Kidnapped in Madrid, Spain; Two Suspects Arrested
A kidnapping incident occurred in Madrid, Spain, where a 33-year-old Canadian cryptocurrency entrepreneur was forcibly detained by multiple men with the intent to steal BTC and private keys. Police rescued the victim in time and arrested two suspects. The case involves premeditated stalking and physical coercion attacks and remains under investigation.
GateNews7h ago
Bitrefill Cyberattack Exposes 18,500 Records, Lazarus Group Suspected
Bitrefill suffered a cyberattack on March 1, 2026, linked to the Lazarus Group, exposing 18,500 user records and draining funds. The company will cover all losses and has implemented enhanced security measures.
TheNewsCrypto8h ago
A certain CEX warning: The token labeled as "BTC" on the TON network is a scam token, and it is assisting users in dealing with it.
A certain CEX responded to users stating that Bitcoin is not on the TON network. The tokens users transferred in were marked as "BTC" but were actually scam tokens. The exchange is assisting in asset recovery, though the process is complex and time-consuming. The exchange reminds users to be vigilant against misoperations and fraud risks.
GateNews9h ago
Indian Man Falls Victim to Fake Crypto Investment Scam, Loses ₹71.6 Lakh
A Maharashtra insurance consultant lost ₹71.6 lakh to crypto investment scams, mirroring India's rising online fraud, with over 24 lakh complaints and ₹22,495 crore in losses reported by the National Cyber Crime Reporting Portal in 2025. Calls for clearer crypto regulations are growing.
TheNewsCrypto10h ago
Three Teenagers Sue xAI in the US, Alleging Grok Generated Child Sexual Abuse Material
Three teenage girls filed a lawsuit against Elon Musk's xAI in California federal court, alleging that its chatbot Grok generated child sexual abuse material without consent. The plaintiffs are seeking damages and an injunction to prohibit the generation of such content. According to the complaint, the feature has generated over 20,000 related images, with victims including at least 18 minors.
GateNews10h ago
