Another hack hit the DeFi space when Moonwell, a lending platform on Base and Optimism, lost about $1 million on November 4, 2025. The attack exposed how risky it can be for DeFi projects to rely too much on outside data sources for pricing.
According to CertiK Alert, the attacker “was able to repeatedly borrow over 20 wstETH with only ~0.02 wrstETH flashloaned and deposited due to the faulty oracle that returns wrst price of ~5.8M$ and profited 295 ETH (~$1M).” This quick and repeated borrowing sequence drained funds across Moonwell’s lending markets.
Besides CertiK’s findings, QuillAudits confirmed that the attack targeted wrapped restaked ETH (wrstETH and wstETH) markets on both Base and Optimism. “Another day, another Moonwell exploit. 4th major incident in 3 years,” QuillAudits noted.
The firm’s investigation found that a faulty data feed gave wrong price information, letting the hacker trick the system and borrow over 20 mwstETH each time. The attacker quickly sold the borrowed tokens for profit and paid back the flash loan in the same transaction.
Repeated exploits shake Moonwell’s credibility
Moonwell has already been the target of several hacks. A troubling pattern was brought to light by QuillAudits, which is an Oracle hack in October 2025 that cost $1.7 million, a flash loan attack in December 2024 that cost $320,000, and a debt issue in 2022 that was connected to the Nomad Bridge.
Earlier this year, Moonwell also ended its bug bounty program on Immunefi, just months before these major attacks. Because of this, investors are now questioning whether the platform can stay secure over the long term.
The hack caused the WELL token to drop 13.5% in a single day, much worse than the overall crypto market’s 3.95% fall. As of writing, WELL was trading at $0.1158, down 51% in the past month, according to CoinMarketCap.
In contrast, Moonwell had a strong October. The platform earned its highest fees ever, distributing $2.12 million to lenders and reserves on both Base and Optimism.
According to Moonwell’s post on X, “Increased borrowing demand → higher rates → more revenue → more WELL acquired in reserve auctions every month.” However, the latest incident now overshadows those positive growth metrics.
The Moonwell breach followed another massive DeFi exploit that hit Balancer on November 3, draining between $100 million and $128 million across several networks. Balancer’s V2 architecture was targeted, with losses affecting multiple liquidity pools. Security teams quickly confirmed the breach and began working with firms such as PeckShield and BlockSec to trace the funds.
Moreover, Berachain, another Ethereum-compatible Layer 1 blockchain, also fell victim to an exploit tied to the Ethena/Honey tripool. To limit further damage, the Berachain Foundation temporarily paused its network. “I’m sure that some won’t be happy about this… but when approximately $12m of user funds are at risk… we attempted to coordinate the validator set to protect those users,” said Smokey The Bera, Berachain’s Chief Smokey Officer.
Even though DeFi security seems to be improving, problems persist. PeckShield data shows losses from hacks dropped 85.7% in October, down to $18.18 million across 15 incidents, compared to over $127 million the month before. Still, repeated oracle and flash loan attacks show that bigger risks remain.