Moonwell faces $1M risk after attacker buys cheap tokens and submits malicious vote proposal to gain control of DeFi lending protocol contracts.
A decentralized finance platform called Moonwell is facing a serious security threat after a very cheap attack. The incident was a surprise to the crypto community because the attacker only spent $1800. According to the reports by the Moonwell Forum, the proposal could put more than $1000000 at risk.
Cheap Token Purchase Leads to Governance Attack
The issue began with an unknown attacker purchasing some 40000000 MFAM tokens. These tokens have voting power within the governance system of Moonwell. Therefore, owning a lot of tokens means that a person is able to make important decisions about the platform.
With the tokens purchased, the attacker formed a governance proposal. The proposal attempted to give an attacker control over important smart contracts to a wallet controlled by the attacker. These contracts contain the oracle, the comptroller, and seven lending markets within the protocol.
The most startling aspect was the speed of the attack. Reports said the entire process took just 11 minutes. First, the tokens were bought. Next, the proposal was developed. Finally, the vote reached quorum, which is when enough votes are counted so that the proposal becomes active.
Voting on the proposal will be open until 27 March 2026. However, many members of the community later began to vote against the plan. Because of this, the end result to the question is uncertain.
Moonwell is a lending protocol on Moonbeam and Moonriver networks. According to DefiLlama data, currently, the platform has approximately $85000000 locked in its markets. Therefore, being able to control the contracts means that an attacker could potentially reach large funds.
Previous Exploit Raised Security Concerns
This is not the first time Moonwell has encountered a problem. In November 2025, the protocol lost a small sum of 1000000 due to an oracle error. The value of a token on the price feed from Chainlink was incorrect.
So, because of the wrong price, a small deposit was valued at over $116000. As a result, a trading bot used the fake value to borrow huge amounts from the market. This sapped funds away from Moonwell pools from Base Network and Optimism.
After that incident the Moonwell DAO approved a number of fixes. On 6 March 2026 the community voted to reestablish withdrawals on Moonriver. Later, on 9 March 2026, new contract upgrades were approved to correct reward calculation issues.
These updates were for safety, developers said. However, the new attack on governance demonstrates that there are risks in decentralized systems.
Moreover, governance attacks are dangerous because the hackers use voting rules rather than hacking codes. Therefore, the attackers can take control without directly breaking security.
For now, the Moonwell community is keeping a watchful eye on the vote. If the proposal doesn’t pass, the funds will remain safe. However, the incident has revealed that even small attacks can pose a threat to millions in DeFi platforms.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Lattice Announces Shutdown: Redstone Will Close on May 16, Users Must Withdraw by the Deadline
Gaming infrastructure developer Lattice announced it will shut down on May 15 and reminded users to withdraw their funds. After the shutdown, contract funds cannot be withdrawn through L1 contracts; only funds in personal wallets can be recovered. Over the past five years, Lattice has failed to realize its business model and ultimately decided to close, but its MUD framework and DUST game will continue to run.
MarketWhisper8m ago
Pi Network Agreement 23 Targets the Institutional Market, Smart Contracts, and RWA Tokenization to Launch in Early May
Pi Network officially went live with Protocol 23 on May 18, bringing smart contracts, real-world asset tokenization, and the AI App Studio, enabling Pi to transform from a payment token into a programmable blockchain infrastructure. The protocol covers four major functions, similar to Ethereum, and is expected to attract institutional investors. The upgraded node milestones signal market confidence and may affect Pi’s price performance.
MarketWhisper17m ago
Lattice to Shut Down Redstone Network in May, Users Urged to Withdraw Funds
Lattice, the gaming infrastructure team, will gradually shut down its Redstone network by May 15, 2026. Users are advised to withdraw funds quickly, as assets in smart contracts will be unrecoverable post-shutdown. Projects under Lattice have been open-sourced or migrated to new chains.
GateNews18m ago
Cardano Founder Says Crypto Parties Won’t Boost ADA Price – Here’s Why
Charles Hoskinson just dropped a reality check on the Cardano community. His message is simple. Crypto parties and big conference events are not going to move the ADA price. Instead, he wants to take the funds that would have been spent on flashy gatherings and put them into permanent global co
CaptainAltcoin55m ago
Polygon sPOL officially goes live, unlocking 3.6 billion POL to enable staking rewards
Polygon Labs launches its first native liquid staking token, sPOL, unlocking more than 3.6 billion POL tokens and allowing stakers to use sPOL to perform DeFi operations while earning rewards. With sPOL, stakers can achieve dual yield, and in conjunction with the PIP-85 proposal, for the first time, 50% of validator priority fees are allocated to delegators, strengthening the economic incentives for long-term token staking.
MarketWhisper1h ago
Gate Daily Report (April 15): X launched Cashtags to provide encrypted financial data functionality; Bitcoin halving has completed 50%
Bitcoin (BTC) continues to rise, reaching $74,670 on April 15. On the X platform, Cashtags were launched in the United States and Canada, integrating real-time financial data and trading. With the Bitcoin halving underway, there are only 105,000 blocks left until the next reward halving. Market sentiment is optimistic, and the US stock market also recorded gains. Among various crypto-news updates, the ARIA token price has crashed, and events such as Virginia’s new law incorporating digital assets have been reported.
MarketWhisper1h ago
