Moonwell faces $1M risk after attacker buys cheap tokens and submits malicious vote proposal to gain control of DeFi lending protocol contracts.
A decentralized finance platform called Moonwell is facing a serious security threat after a very cheap attack. The incident was a surprise to the crypto community because the attacker only spent $1800. According to the reports by the Moonwell Forum, the proposal could put more than $1000000 at risk.
Cheap Token Purchase Leads to Governance Attack
The issue began with an unknown attacker purchasing some 40000000 MFAM tokens. These tokens have voting power within the governance system of Moonwell. Therefore, owning a lot of tokens means that a person is able to make important decisions about the platform.
With the tokens purchased, the attacker formed a governance proposal. The proposal attempted to give an attacker control over important smart contracts to a wallet controlled by the attacker. These contracts contain the oracle, the comptroller, and seven lending markets within the protocol.
The most startling aspect was the speed of the attack. Reports said the entire process took just 11 minutes. First, the tokens were bought. Next, the proposal was developed. Finally, the vote reached quorum, which is when enough votes are counted so that the proposal becomes active.
Voting on the proposal will be open until 27 March 2026. However, many members of the community later began to vote against the plan. Because of this, the end result to the question is uncertain.
Moonwell is a lending protocol on Moonbeam and Moonriver networks. According to DefiLlama data, currently, the platform has approximately $85000000 locked in its markets. Therefore, being able to control the contracts means that an attacker could potentially reach large funds.
Previous Exploit Raised Security Concerns
This is not the first time Moonwell has encountered a problem. In November 2025, the protocol lost a small sum of 1000000 due to an oracle error. The value of a token on the price feed from Chainlink was incorrect.
So, because of the wrong price, a small deposit was valued at over $116000. As a result, a trading bot used the fake value to borrow huge amounts from the market. This sapped funds away from Moonwell pools from Base Network and Optimism.
After that incident the Moonwell DAO approved a number of fixes. On 6 March 2026 the community voted to reestablish withdrawals on Moonriver. Later, on 9 March 2026, new contract upgrades were approved to correct reward calculation issues.
These updates were for safety, developers said. However, the new attack on governance demonstrates that there are risks in decentralized systems.
Moreover, governance attacks are dangerous because the hackers use voting rules rather than hacking codes. Therefore, the attackers can take control without directly breaking security.
For now, the Moonwell community is keeping a watchful eye on the vote. If the proposal doesn’t pass, the funds will remain safe. However, the incident has revealed that even small attacks can pose a threat to millions in DeFi platforms.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Aave Multisig Guardian Freezes rsETH on Lending Markets
Gate News message, according to Onchain, the Aave Multisig Guardian has frozen rsETH on lending markets. This action has been implemented across Aave's lending platforms.
GateNews2h ago
Tobu Top Tours Launches XRP Ledger-Based Prepaid Payment Platform, Targeting Japan's ¥30T Market
Tobu Top Tours has partnered with SBI Ripple Asia to launch a prepaid token payment platform on the XRP Ledger, gaining regulatory approval in Japan. Set for rollout later this year, it allows users to convert yen into blockchain tokens for various tourism services. SBI Ripple Asia also announced research to enhance Japan-South Korea cross-border payments using the XRP Ledger.
GateNews2h ago
MicroStrategy Proposes Semi-Monthly Dividends for STRC to Improve Liquidity and Stabilize Stock Price
MicroStrategy has proposed changing its STRC preferred stock dividends from monthly to semi-monthly to enhance liquidity and stabilize stock prices, maintaining an 11.5% annual yield. Concerns about this structure have been raised by Bitcoin critic Peter Schiff.
GateNews14h ago
Pi Network Launches First Smart Contract Feature on Testnet, Enabling Subscription Payments
Pi Network has launched its first Smart Contract feature on Testnet, enabling users to set up automatic subscription payments while maintaining control of their funds. This marks a shift toward ecosystem utility and lays the groundwork for potential mainnet deployment.
GateNews15h ago
Topnod Self-Custody Wallet Becomes Official Partner of Layer1 Blockchain Pharos
Topnod has partnered with Layer1 blockchain Pharos, providing a user-friendly self-custody wallet that simplifies access to real-world assets. It will support Pharos's airdrop activities and facilitate the distribution of RWA assets on the Pharos chain.
GateNews19h ago
Buck Protocol Announces Closure, Holders to Receive Full Redemption
The Buck protocol announced an immediate shutdown, ensuring holders receive 100% capital returns with fully backed reserves. A redemption window has opened with no time limit for asset retrieval.
GateNews20h ago
