Moonwell (WELL)

Moonwell hit by governance attack — $1.08M at risk for $1,800 spend

🚨⚠️ ATTACK ON MOONWELL $WELL: OVER $1 MILLION THREATENED

The DeFi protocol Moonwell is facing an ongoing attack on its Moonriver deployment, where an actor managed to push a malicious proposal endangering more than $1 million.

The attacker reportedly spent about $1,800 to acquire enough tokens (approximately 40 million) to pass a vote that gives them administrative control over the protocol’s key contracts.

The entire operation—token purchase, proposal creation, and vote validation—was completed in just 11 minutes.

If the proposal is executed, it would allow taking control of several lending markets, the comptroller system, and the oracle, paving the way for a full withdrawal of funds estimated at around $1.08 million.

Borrowing protocol Moonwell recently successfully foiled a malicious governance proposal attack. The attacker accumulated approximately 50 million WELL tokens (worth about $3.1 million) on the market to obtain sufficient voting power and submitted a malicious proposal named “MIP-M11”. The proposal aimed to change the protocol’s risk parameters, allowing the attacker to borrow and extract Moonwell’s assets on the Base chain valued at approximately $14 million (including USDC, ETH, and cbETH). Because Moonwell’s governance mechanism has a 48‑hour mandatory waiting period, the team was able to intervene successfully before the attack could be executed. Currently, all protocol funds are safe, and the malicious proposal has been withdrawn. (TheBlock) https://t.co/hDgNFkmKPf