Moonwell hit by governance attack — $1.08M at risk for $1,800 spend
An unknown attacker spent just $1,800 to acquire 40 million MFAM tokens and push a malicious governance proposal through quorum in roughly 11 minutes on Moonwell’s Moonriver deployment.The proposal, if executed, would transfer admin control of seven lending markets, the comptroller, and the oracle to an attacker-controlled contract, exposing approximately $1.08 million in user funds.Moonwell retains an emergency veto mechanism — the “Break Glass Guardian” multisig — and a majority of subsequent votes have opposed the proposal ahead of the March 27 deadline.
2026-03-26 21:00:00
