A $1 million exploit on Moonwell’s lending platform exposed vulnerabilities in how decentralized finance (DeFi) protocols rely on external price data through oracles. This attack, which targeted the platform’s operations on Base and Optimism networks, highlights a persistent challenge in the sector: oracle security. Blockchain security firm BlockSec first detected suspicious transactions, revealing that hackers exploited a faulty rsETH/ETH oracle feed. The erroneous pricing information led to a flash loan attack with manipulated oracles to falsely report the price of wrstETH at approximately $5.8 million per token, far exceeding its actual value. This resulted in the attacker borrowing substantial amounts of cryptocurrency due to this valuation error. 295 ETH was stolen as a result of this exploit. The incident marks the fourth major security breach for Moonwell in three years, raising concerns about the protocol’s security infrastructure and challenging DeFi protocols’ reliance on external data sources.