On November 2025, Moonwell was exploited in a oracle manipulation, resulting in approximately $1M in losses. That makes the Moonwell exploit the 86th largest DeFi incident out of 690 documented in our archive.
Attack Mechanics: How the Moonwell Oracle Manipulation Played Out
Exploit Class Applied to Moonwell
The Moonwell incident on November 4, 2025 is classified as a Oracle Manipulation. The attacker skews the price feed the protocol trusts — often via a thin DEX pool — forcing the contract to misprice collateral. In the full archive, Moonwell is 1 of 19 documented oracle manipulation incidents.
Moonwell in Context
At $1M, the Moonwell exploit is a significant ($1M–$10M) event compared to the largest same-class incident in our archive — – BonqDAO (2023) at $88M.
Prior Oracle Manipulation Before Moonwell
The nearest oracle manipulation incident before Moonwell was GradientMakerPool, 134 days earlier on June 23, 2025 ($5K lost). The same exploit class surfaced again within the oracle manipulation attack surface.
Moonwell Vulnerability Signature
The primary source categorises the Moonwell exploit specifically as “Faulty Oracle”. This narrower label is entity-specific: it reflects how the Moonwell contract failed, rather than the broad oracle manipulation pattern alone.
Impact & Recovery for Moonwell
Moonwell Loss Figure
The Moonwell exploit caused $1,000,000 in losses — a significant ($1M–$10M) incident and the 16th largest of 96 documented in 2025. This single incident represents 0.1% of all tracked losses that year.
Where Moonwell Sits Among Oracle Manipulation Attacks
Ranked by loss size, Moonwell is the 4th largest of 19 oracle manipulation incidents documented. That puts the Moonwell loss below the class average of $9.69M.
Timeline Since the Moonwell Incident
The Moonwell exploit occurred 5 months ago (161 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for Moonwell
Public post-mortem / on-chain analysis for the Moonwell incident: view source.
FAQ
How much did Moonwell lose?
The Moonwell exploit in November 2025 resulted in $1,000,000 in losses — the 16th largest of 96 DeFi incidents that year.
When did the Moonwell hack happen?
The Moonwell exploit was recorded on November 4, 2025 — 161 days ago.
What type of exploit hit Moonwell?
The Moonwell incident is classified as a Oracle Manipulation. The attacker skews the price feed the protocol trusts — often via a thin DEX pool — forcing the contract to misprice collateral.
How common is the Oracle Manipulation pattern seen at Moonwell?
Our archive contains 19 documented oracle manipulation incidents. The Moonwell incident is one of them.
How does Moonwell compare to the largest Oracle Manipulation attack?
The largest oracle manipulation incident in our archive is – BonqDAO (2023) at $88M. The Moonwell loss is $1M.
What does the empirical work in the document try to identify?
The informational feedback from markets to corporate decisions.
In what way does the paper contribute to the field of blockchain and cryptocurrency?
The paper formalizes the security models for multi and threshold adaptor signatures, providing security proofs and demonstrating their applications in blockchains.