Claude-Generated Code Linked to $1.78M DeFi Hack

Claude Opus 4.6 linked to a $1.78M DeFi hack after cbETH mispricing. Auditor Pashov and SlowMist cite oracle formula vulnerability concerns.

A reported smart contract exploit has triggered fresh concerns across decentralized finance markets. Losses reached approximately $1.78 million following a critical pricing failure. The DeFi hack quickly generated a debate on AI rise Solidity development and security practices.

Auditor Flags Vulnerable AI-Generated Solidity Code

Smart contract auditor Pashov said that Claude Opus 4.6 generated vulnerable code. According to comments he has made on Twitter, the weakness made an exploit onchain possible. As a result, perpetrators withdrew money worth close to $1.78 million from the affected system.

The cause of the failure was an incorrect asset valuation in the protocol logic. Specifically, the price of cbETH was fixed at $1.12. However, its worth on the market stood at almost $2,200 during the window of events.

Because of this mismatch, under normal conditions, the lending mechanics acted out of control. As a result, arbitrage opportunities and collateral distortions quickly appeared. Observers said that the faulty valuation drastically undermined risk controls.

Project pull requests reportedly revealed commits written by Claude in development cycles. Therefore, the episode raised questions about automated coding oversight. Some analysts said the case was a possible first exploit related to “vibe-coding.”

Moonwell Incident Traced to Oracle Formula Error

Further details did emerge from blockchain security researchers monitoring the disruption. Cos, founder of SlowMist, further explained from a technical point of view. He said that the problem was an error in a low-level oracle price feed formula.

According to Cos, the incident took place on a DeFi lending platform, Moonwell. The oracle calculation was reportedly wrong in processing price inputs in certain parameters. Consequently, the contract created an unrealistic valuation of the assets in the system.

Importantly, oracles mechanisms act as bridges between market data and smart contracts. Therefore, even simple calculation errors can cause serious effects. In this case, the distortion in prices had a direct impact on the decision-making about borrowings and collateral.

In addition, incorrect appraisals can leave protocols vulnerable to liquidity drains. Attackers make use of these inconsistencies in executing trading strategies quite often, using automated trading strategies. As can be seen here, speed and precision are usually what determine the scale of losses.

Security specialists stressed that the bug was a very low level implementation. Nevertheless, its financial impact proved significant when fired up in live markets. Thus, the event highlighted the vulnerability of pricing infrastructure.

Meanwhile, community discussions centered around AI tools in the smart contract development workflow. Supporters pointed to increases in productivity and the ability to iterate more quickly. Critics, however, warned of hidden vulnerabilities without strict human auditing.

Additionally, the episode focused attention on oracle designs and validation procedures. Accurate data feeds are still very basic in lending, derivatives, and stablecoin systems. Therefore, reliability failures can rapidly propagate throughout linked protocols.

While the investigations are underway, affected stakeholders consider operational and financial consequences. Protocol teams will often apply patches, disable functions, or increase safeguards in the aftermath of incidents. Ultimately, this event proved a persistent security challenge to decentralized finance ecosystems.