Moonwell Lending
Summary
Moonwell is a decentralized, non-custodial lending and borrowing protocol deployed on Base, Optimism, Moonbeam, and Moonriver, operating as a fork of Compound v2. The protocol has suffered at least five distinct security incidents between 2022 and 2026, resulting in combined losses and bad debt exceeding $5 million, including repeated oracle failures, a flash loan exploit, a near-successful governance attack, and an AI-assisted smart contract misconfiguration. Despite multiple audits by Halborn and Code4rena, the pattern of recurring vulnerabilities and the removal of its Immunefi bug bounty program in early 2025 have raised significant security concerns.
Timeline (12 events)
2021-01-01
Moonwell founded by Luke Youngblood under Lunar Labs; built as a Compound v2 fork targeting Moonbeam network
2022-03-17
Moonwell raises $10 million in Strategic funding round
2022-08-02
Nomad bridge exploited for $190.7 million; Moonwell's Moonbeam deployment suffers collateral losses and bad debt including approximately $2.9 million in Frax-related bad debt
2023-07-24
Code4rena competitive audit identifies 17 medium severity vulnerabilities and 56 low/informational issues; no critical or high severity findings
2023-12-31
Non-binding governance plebiscite passes 98% in favor of using Nomad collateral and protocol reserves to address Frax bad debt, drawing community controversy over asset appropriation
2024-12-01
Flash loan exploit on Optimism USDC market drains approximately $320,000 via a malicious mToken contract; stolen funds swapped to DAI
2025-02-01
Moonwell removes its Immunefi bug bounty program; proposes migration to Code4rena bug bounty platform
2025-10-10
Oracle-DEX price gap during market volatility allows exploitation of liquidation mechanisms on Base deployment; approximately $1.7 million lost
2025-11-04
Chainlink oracle malfunction misprices wrsETH at $5.8 billion; attacker drains approximately $1 million (295 ETH) within 30 seconds; $3.7 million in bad debt accrues; WELL token drops ~13.5%
2026-02-15
Governance proposal MIP-X43 deploys misconfigured Chainlink OEV oracle; cbETH mispriced at ~$1.12 instead of ~$2,200; $1.78 million in bad debt generated; AI-assisted code co-authored by Claude Opus 4.6 implicated
2026-03-24
Governance attack on Moonriver deployment: attacker spends $1,808 to acquire voting tokens, submits malicious proposal, reaches quorum in ~11 minutes; $1.08 million in assets placed at risk; community votes defeated the proposal
2026-04-06
DAO approves MIP-X49, implementing fixes to Wormhole V3 cross-chain integration following March 2026 upgrade (MIP-X48)
Decision Log
- hash: CbNkcGJ5jSitcdjBSrzLC7EGQZaLcdwhjmXhb4uUdM72
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:20 AM
last updated: 5/27/2026, 7:45:45 PM
avoid.net — verified advice for a post-truth world