I want to clarify what really happened during the recent attack and why the situation was far more serious than it might seem.
What Actually Happened
Based on on-chain data:
A wrong oracle price was reported at block 37,722,874.
The attack transaction happened just a few seconds later, at block 37,722,882.
This strongly suggests the exploit was executed by an automated bot, reacting instantly to the manipulated price feed. The fact that the bot performed imperfectly might be the only reason we lost “only” around $1 million instead of much, much more.
The Real Risk — Not $1M, But $100M+
Here’s why this was potentially catastrophic:
The wrsETH asset on the Core market had a 74% collateral factor.
When the oracle price was falsely reported as $5.8 billion per wrsETH , depositing just 0.1 wrsETH created an enormous borrow capacity.
That’s enough to drain every major market on Base from a deposit smaller than a coffee purchase.
So, while the actual realized loss was ~$1M, the potential exposure exceeded $100 million at that moment.
We got lucky — the bot failed to fully execute.
But what happens next time, when a smarter, more powerful bot reacts perfectly?
What We Should Discuss Next
We need to treat this as a wake-up call and work together on real defenses, such as:
More robust oracle validation and fallback feeds
Lowering collateral factors for new or volatile assets
On-chain price anomaly detection and automated circuit breakers
Faster pause and response mechanisms for oracle errors
This isn’t just a post-mortem — it’s a warning. The potential loss wasn’t $1M. It was $100M+.
Let’s stay vigilant, fix the weak points, and make sure we’re ready before the next attack attempt.
This is spot on.
Yeah, we definitely got lucky that the bot didn’t execute the exploit more effectively. The scary part is how fast it happened — seconds after the bad price feed.
That kind of reaction time doesn’t feel random. Most bots aren’t sitting around scanning for obscure oracle misprices on low-liquidity feeds. Makes you wonder if this was more “inside baseball” than pure chance.
Could it have been an insider — someone who knew the feed was obsolete and how it was set up? Hard to say, but it’s a fair question.
Either way, it shows how exposed we are when so few people fully understand or monitor these systems in real time. We can’t just call it bad luck and move on.
That’s exactly what mev bots do, they constantly monitor for market imbalances and arbitrage it away. They don’t need to monitor oracles, just track prices on liquidity sources. If they were monitoring this particular oracle or had an inside info/access then it should have happened in the same or next block.
Also, the loss is $3.7M, the $1M is the profit the arbitrage bot made. It’s not $100M+ thanks to the borrow caps in place, not because it was executed poorly. Would there be no caps, it would have been drained fully and by way more than 1 bot. This one was just fastest to react and there was enough liquidity on DEX pools for arbitrage. Without caps it would have caused a cascade effect on the whole Base chain ecosystem.
That’s a definition of arbitrage isn’t it? Those bots find where to buy something cheaper and where to sell it for more. Due to oracle malfunction moonwell was essentially offering all its assets for very cheap.
This incident has showed how valuable borrow caps are at limiting loss in extreme conditions and how important it is to maintain them at sensible levels. Venus is a good example in this regard, they often change supply and borrow caps according to the periodic risk re-evaluation of assets.
What Actually Happened
The Real Risk — Not $1M, But $100M+
What We Should Discuss Next