AI wrote the bug.
By Maxime Laurent · 2026-02-18 15:21
AI wrote the bug. $1.78M vanished.
Moonwell was exploited after a Claude-generated oracle formula mispriced cbETH.
This one hits differently.
The DeFi protocol Moonwell lost around $1.78M because of a smart contract bug. According to auditor pashov, the vulnerable code was generated by Claude Opus 4.6.
The issue? An oracle formula error.
cbETH was displayed at $1.12 instead of roughly $2200.
In DeFi, that’s not a typo. That’s an open vault.
The attacker simply exploited the price distortion and drained value. Clean. Mechanical. Brutal.
And here’s the part that makes everyone uncomfortable:
The repository reportedly marked commits as co-authored with Claude.
We’re entering the era of vibe coding in Solidity.
And Solidity doesn’t forgive vibes.
Let’s be honest — many developers already use AI assistants to speed up boilerplate, tests, refactoring. That’s not the problem. The problem is misunderstanding what AI is: a probability engine, not a liability-bearing engineer.
AI can suggest patterns.
It cannot own the consequences.
In crypto, code is capital.
If your oracle logic is wrong, markets won’t debate you. They’ll liquidate you.
This incident might be remembered as one of the first AI-linked DeFi exploits. And it won’t be the last.
The real lesson isn’t “don’t use AI.”
It’s “don’t outsource responsibility.”
Especially when you’re securing millions in $ETH-denominated value.
From my little Mediterranean corner, watching DeFi mature the hard way again, I feel like we’re in a transition phase.
AI will absolutely shape crypto development.
But audits, human review, adversarial testing — those become even more critical when generation becomes easy.
Fast code is seductive.
Secure code is survival.
On apprend encore. 🔥
#Crypto #DeFi #SmartContracts #AI #Ethereum #Security
Moonwell was exploited after a Claude-generated oracle formula mispriced cbETH.
This one hits differently.
The DeFi protocol Moonwell lost around $1.78M because of a smart contract bug. According to auditor pashov, the vulnerable code was generated by Claude Opus 4.6.
The issue? An oracle formula error.
cbETH was displayed at $1.12 instead of roughly $2200.
In DeFi, that’s not a typo. That’s an open vault.
The attacker simply exploited the price distortion and drained value. Clean. Mechanical. Brutal.
And here’s the part that makes everyone uncomfortable:
The repository reportedly marked commits as co-authored with Claude.
We’re entering the era of vibe coding in Solidity.
And Solidity doesn’t forgive vibes.
Let’s be honest — many developers already use AI assistants to speed up boilerplate, tests, refactoring. That’s not the problem. The problem is misunderstanding what AI is: a probability engine, not a liability-bearing engineer.
AI can suggest patterns.
It cannot own the consequences.
In crypto, code is capital.
If your oracle logic is wrong, markets won’t debate you. They’ll liquidate you.
This incident might be remembered as one of the first AI-linked DeFi exploits. And it won’t be the last.
The real lesson isn’t “don’t use AI.”
It’s “don’t outsource responsibility.”
Especially when you’re securing millions in $ETH-denominated value.
From my little Mediterranean corner, watching DeFi mature the hard way again, I feel like we’re in a transition phase.
AI will absolutely shape crypto development.
But audits, human review, adversarial testing — those become even more critical when generation becomes easy.
Fast code is seductive.
Secure code is survival.
On apprend encore. 🔥
#Crypto #DeFi #SmartContracts #AI #Ethereum #Security
Disclaimer: This content is for informational purposes only and not financial advice.