On February 2026, Moonwell was exploited in a oracle manipulation, resulting in approximately $1.78M in losses. That makes the Moonwell exploit the 73rd largest DeFi incident out of 690 documented in our archive.
Attack Mechanics: How the Moonwell Oracle Manipulation Played Out
Exploit Class Applied to Moonwell
The Moonwell incident on February 15, 2026 is classified as a Oracle Manipulation. The attacker skews the price feed the protocol trusts — often via a thin DEX pool — forcing the contract to misprice collateral. In the full archive, Moonwell is 1 of 19 documented oracle manipulation incidents.
Moonwell in Context
At $1.78M, the Moonwell exploit is a significant ($1M–$10M) event compared to the largest same-class incident in our archive — – BonqDAO (2023) at $88M.
Prior Oracle Manipulation Before Moonwell
The nearest oracle manipulation incident before Moonwell was Makina, 26 days earlier on January 20, 2026 ($5.1M lost). The same exploit class surfaced again within the oracle manipulation attack surface.
Moonwell Vulnerability Signature
The primary source categorises the Moonwell exploit specifically as “Faulty Oracle”. This narrower label is entity-specific: it reflects how the Moonwell contract failed, rather than the broad oracle manipulation pattern alone.
Impact & Recovery for Moonwell
Moonwell Loss Figure
The Moonwell exploit caused $1,780,000 in losses — a significant ($1M–$10M) incident and the 2nd largest of 12 documented in 2026. This single incident represents 24.2% of all tracked losses that year.
Where Moonwell Sits Among Oracle Manipulation Attacks
Ranked by loss size, Moonwell is the 3rd largest of 19 oracle manipulation incidents documented. That puts the Moonwell loss below the class average of $9.69M.
Timeline Since the Moonwell Incident
The Moonwell exploit occurred 2 months ago (58 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for Moonwell
Public post-mortem / on-chain analysis for the Moonwell incident: view source.
FAQ
How much did Moonwell lose?
The Moonwell exploit in February 2026 resulted in $1,780,000 in losses — the 2nd largest of 12 DeFi incidents that year.
When did the Moonwell hack happen?
The Moonwell exploit was recorded on February 15, 2026 — 58 days ago.
What type of exploit hit Moonwell?
The Moonwell incident is classified as a Oracle Manipulation. The attacker skews the price feed the protocol trusts — often via a thin DEX pool — forcing the contract to misprice collateral.
How common is the Oracle Manipulation pattern seen at Moonwell?
Our archive contains 19 documented oracle manipulation incidents. The Moonwell incident is one of them.
How does Moonwell compare to the largest Oracle Manipulation attack?
The largest oracle manipulation incident in our archive is – BonqDAO (2023) at $88M. The Moonwell loss is $1.78M.
What future research directions does the study suggest?
Further investigation on other markets and monitoring the increasing contribution of ESG factors to firm performance.
What are the three main objectives considered in the algorithm's optimization process?
Return on investment, Sortino ratio, and the number of trades.