DeFi lender Moonwell faces governance attack as $1,800 vote push threatens $1 million in funds
A governance attack on DeFi lender Moonwell threatens $1 million in funds after an attacker acquired enough tokens with $1,800.Summary
Decentralized protocol Moonwell is facing a governance attack where an attacker spent approximately $1,800 to acquire enough MFAM tokens to propose a malicious governance change. This proposal, if passed, would grant the attacker administrative control over core contracts, potentially draining over $1.08 million in user funds. The attack exploited thin liquidity and concentrated voting power within the Moonwell governance system. Token holders can counter the attack by outvoting the proposal, or the ‘Break Glass Guardian’ multisig can intervene. This incident highlights vulnerabilities in decentralized governance, where concentrated token accumulation can lead to hostile takeovers, similar to past attacks on protocols like Beanstalk, Compound, and Swerve Finance. Moonwell previously suffered $1.8 million in bad debt due to an oracle misconfiguration earlier this year.
(Source:The Block)