GoPlus Security Highlights Oracle Price Feed Discrepancies in Moonwell, Flags Bad Debt

Tech

GoPlus Security Highlights Oracle Price Feed Discrepancies in Moonwell, Flags Bad Debt

• GoPlus Security noted the most recent Oracle price feed discrepancy on February 15, 2026.
• The cumulative bad debt for Moonwell stands at over $5 million.
• A discussion about the reasons behind such incidents has resurfaced in the market.

GoPlus Security has pointed out three recent Oracle price feed discrepancies related to Moonwell, a DeFi protocol. Its cumulative bad debt has surged with the most recent incident, which dates back to this weekend. This is not a standalone incident, as many more cases surfaced in the past.

Discrepancies Noted by GoPlus Security in Moonwell

The most recent Oracle price feed discrepancy in Moonwell dates back to February 15, 2026. The protocol was exploited due to Oracle pricing issues. The vulnerability, per the report, is possibly linked to development using Claude Opus 4.6 through vibe coding. Its bad debt has now surged by approximately $1.78 million.

Its cumulative bad debt has reached around $5 million, starting from October 10, 2025. The figure was roughly $1.7 million at that time. Teams noticed a major divergence between the Oracle data of Moonwell and on-chain DEX prices.

It was followed by an incident on November 04, 2025, when a bad debt of $3.7 million was reported. There was again a similar divergence with public disclosures revealing the deposit of a small amount of depegged collateral. Assets were then borrowed, exceeding their market value that was applicable at that time.

Other Similar Oracle Price Feed Discrepancy Incidents

An incident at Yellow Protocol, reported in April 2025, led to damage of approximately $2.4 million. The contract reportedly relied on a single DEX pool for price data. That was later inflated artificially when an attacker exercised manipulation.

An incident at Mango Market sometime in October 2022 put a dent of approximately $117 million. The attacker artificially inflated MNGO prices by utilizing USDC worth almost $10 million. Harvest Finance stands out on the list because the attacker exploited using flash loans for stablecoin price manipulation.

Behind the Incidents

GoPlus Security reporting three recent incidents at Moonwell has brought the discussion about its common causes back to the market. Some of the known points are price Oracle manipulation (POM), stale data, and low liquidity pool exploitation.

POM sees deliberate manipulation of an assets price so that the Oracle reports an incorrect figure. Stale data happens when the Oracle is unable to quickly update the prices, enabling exploitation.

Low-liquidity pool exploitation happens when there is too much reliance on DEX pools with low liquidity. This follows the principle of easy manipulation due to smaller trade volumes.