Gate News: On March 26, the DeFi lending protocol Moonwell was subjected to a governance attack, putting over $1 million of user funds at risk. On-chain observers detected that an attacker spent approximately $1,800 to purchase about 40 million MFAM tokens and used their voting power to push a malicious governance proposal. The proposal aimed to transfer control of the protocol’s core contract to an address controlled by the attacker. The entire attack, from purchasing tokens and creating the proposal to passing the vote, took only about 11 minutes. The proposal has currently been enacted in Moonwell’s Moonriver deployment environment, involving the transfer of control over 7 lending markets, auditing firms, and oracles. If executed, the attacker could drain the protocol’s funds, risking the loss of approximately $1.08 million of user assets. Moonwell is a lending protocol based on Moonbeam and Moonriver, part of the Polkadot ecosystem. Previously, in February this year, the protocol experienced a bad debt of about $1.78 million due to an oracle configuration error.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
JPMorgan: DeFi Security Exploits and Stagnant TVL Limit Institutional Adoption
Gate News message, April 23 — JPMorgan analysts led by managing director Nikolaos Panigirtzoglou said that persistent decentralized finance (DeFi) exploits and weak growth continue to limit institutional interest in the sector. The recent Kelp DAO hack wiped approximately $20 billion from DeFi's tot
GateNews3h ago
U.S. Treasury Sanctions Cambodian Senator Over Crypto Scam Network
## Overview
The U.S. Treasury Department sanctioned Cambodian Senator Kok An and 28 entities associated with him on Thursday, according to the Treasury's Office of Foreign Assets Control (OFAC). The action targets what officials describe as a massive crypto scam operation in Southeast Asia.
## The
CryptoFrontier3h ago
Aave Freezes rsETH Reserves Across Five Networks Following KelpDAO Exploit
Gate News message, April 23 — Aave has frozen rsETH reserves across Ethereum Core, Arbitrum, Base, Mantle, and Linea as the recovery effort accelerates following the April 18 KelpDAO exploit that drained 116,500 rsETH, valued at approximately $292 million, from Kelp's cross-chain bridge.
Multiple D
GateNews5h ago
JPMorgan: DeFi hackers are increasingly common, and interest in compression mechanisms to address TVL stagnation is drawing capital into USDT
JPMorgan Chase’s report believes that DeFi continues to face ongoing vulnerabilities, cross-chain bridge and oracle attacks are frequent, causing TVL to stagnate and weakening institutional investors’ willingness to invest, with capital shifting to USDT that is traceable and can be frozen. The KelpDAO and Rhea Finance attacks reveal risk-management risks; centralized stablecoins and custodial solutions are more favored. In the long run, improving this will require going beyond insurance and governance. DeFi will not be able to return to the 2021 era of high TVL, and stablecoins will become even more concentrated.
ChainNewsAbmedia5h ago
Circle Chief Economist Proposes Raising USDC Rates on Aave Amid KelpDAO Fallout
Gate News message, April 23 — Gordon Liao, Circle's chief economist, has proposed raising USDC lending parameters on Aave v3 Ethereum Core this week following a $292 million KelpDAO rsETH exploit that triggered a liquidity crisis across the protocol. Liao's Request for Comment suggests increasing "S
GateNews6h ago
Major CEX Upgrades Fraud Detection System with Machine Learning and Rule Engine, Cuts Response Time to Hours
Gate News message, April 23 — A major centralized exchange announced an overhaul of its anti-fraud system by integrating machine learning models with rule-based engines, implementing a dual-track strategy where models handle long-term defense and rules enable rapid response. The unified framework
GateNews6h ago
