AI-generated code error results in USD 1.8m smart contract loss
AI-generated code error results in USD 1.8m smart contract loss
Occurred: February 2026
Page published: February 2026
An error in AI‑generated smart contract code used by the DeFi protocol Moonwell led to a USD 1.8 million loss, highlighting how the opaque use of generative AI in critical financial infrastructure can translate into real losses and systemic risk for users and regulators.
Moonwell, a lending protocol on the Moonbeam DeFi ecosystem, suffered a loss of roughly USD 1.78–1.8 million after a misconfigured "price oracle" (the system that tells the smart contract how much an asset is worth ) wrongly valued Coinbase Wrapped ETH (cbETH) at USD 1.12 instead of its true market value of USD 2,200.
The discrepancy triggered automated "liquidators" to instantly seize collateral from honest borrowers, resulting in USD 1.78 million in bad debt for the protocol and significant financial losses for users whose positions were unfairly closed.
The root cause was a fundamental mathematical error in a GitHub pull request co-authored by Claude Opus 4.6. The AI-assisted code failed to multiply the "exchange rate" of the token by the "USD price feed," essentially providing a relative ratio instead of a dollar value.
The incident highlights an over-reliance on "vibe coding", with the developer using Generative AI to write high-stakes financial logic without performing rigorous, end-to-end integration testing that would have flagged the USD 1.12 price as an anomaly.
In addition, while the commits were transparently labeled as co-authored by an AI, the internal peer-review process failed to catch the "hallucinated" logic before it was pushed to a live environment.
For users: This serves as a warning that "automated" finance is only as safe as the code behind it. Even "audited" protocols are at risk if updates are generated by AI and rushed through.
For industry: The incident marks a turning point in the "AI vs. Human" coding debate, proving that LLMs lack the adversarial mindset and "sanity check" capabilities required for mission-critical infrastructure. It also re-sparked the debate over vibe coding, with critics warning that its code may contain vulnerabilities that many human reviews would most likely miss.
For policymakers: There is an increasing call for "Software Liability" frameworks. If an AI writes a bug that steals millions, who is liable? This incident may push regulators to demand standardized "Human-in-the-Loop" certifications for AI-assisted financial software.
Claude Opus 4.6
Developer: Anthropic
Country: Multiple
Sector: Banking/financial services
Purpose: Calculate price
Technology: Generative AI
Issue: Accountability; Accuracy/reliability; Transparency
Early Feb 2026. Moonwell developers use Claude Opus 4.6 to co-author a pricing oracle update.
Feb 15, 2026. Governance proposal MIP-X43 is executed, pushing the AI-assisted code live.
Feb 15, 2026. Within minutes, the USD 1.12 price is detected; liquidations begin, draining USD 1.78M.
Feb 16, 2026. Moonwell pauses borrowing and sets caps to 0 to prevent further losses.
Feb 17, 2026. Security researchers link the error directly to the AI co-authored commits.
Feb 20, 2026. A 5-day governance timelock prevents an immediate fix; a new vote is initiated to patch the code.
https://dailycoin.com/1-8m-gone-in-minutes-moonwells-oracle-glitch-shakes-defi-lending/
https://www.cryptopolitan.com/claude-moonwell-smart-contract-exploit/
https://cryptorank.io/news/feed/6af37-moonwell-exploited-a-day-after-balancer-hack
https://finance.yahoo.com/news/oracle-error-leaves-defi-lender-082155372.html
AIAAIC Repository ID: AIAAIC2211