AI’s Wild Code Hack: $1.78M Vanishes! What Me Worry?

Claude Opus 4.6: The AI That Coded Itself into a Trap! Bazinga!

A DeFi hack so wild, it could make a robot cry. $1.78 million vanished like a magician’s rabbit, thanks to a cbETH price that forgot it was worth $2,200 and decided to play dress-up as $1.12. Auditors and hackers? They’re just busy folks with coffee and chaos.

AI Code So Smart, It Hacked Itself!

Smart contract auditor Pashov dropped a bombshell: “Claude Opus 4.6 wrote code so vulnerable, it’s like giving a toddler a flamethrower and a user manual written in hieroglyphs.” The result? A $1.78 million heist where the only thing missing was a villain’s laugh.

🚨Claude Opus 4.6: The AI that coded a vault, then forgot the combination. Classic!

cbETH’s price? A $1.12 snack instead of a $2,200 feast. And guess who co-authored the code? Claude-because nothing says “trust me” like an AI with a vibe.

– pashov (@pashov)

The protocol’s pricing logic? A Shakespearean tragedy. cbETH’s real value? $2,200. The code’s idea of value? A bagel. The mismatch? A recipe for disaster, or as we call it, “Monday morning.”

Lending mechanics went rogue like a squirrel on espresso. Arbitrage opportunities? More like “opportunists with PhDs in chaos.” Risk controls? They took a coffee break and never returned.

Claude’s commits in the project’s pull requests? A red flag waving in the wind. Was this the dawn of “vibe-coding”? Because the vibe here was straight panic!

Moonwell’s Oracle: The Math That Couldn’t Count!

SlowMist’s Cos explained it all: “The oracle’s formula was so confused, it asked Google ‘what’s 1+1?’ and got ‘42.’” The error? A price feed so broken, it made a calculator weep.

Moonwell’s lending platform? A victim of bad math. The oracle miscalculated prices like a human trying to split a bill at a restaurant. The result? Assets valued at $1.12 while everyone else was at the $2,200 party.

Oracles: the bridge between data and contracts. But when the bridge is held together by duct tape and hope, well… let’s just say the river got a little rowdy.

Liquidity drains? Attackers partied like it was 2008 while the system bled cash. Automated strategies? More like “automated panic buttons.” Speed and precision? The hackers had both; the code? Not so much.

The bug? A low-level error so tiny, it could’ve fit in a microchip. Yet, it caused a financial earthquake. Because in DeFi, even a decimal point has a union.

AI supporters: “It’s faster!” Critics: “It’s also dumber!” The debate rages on, like a catfight between productivity and common sense. Meanwhile, oracles? They’re just trying to do their job without being gaslit by bad code.

Data feeds in DeFi: as reliable as a weather forecast. One glitch, and the whole system starts sweating. Reliability failures? They spread faster than gossip at a blockchain conference.

Investigations? Ongoing. Patches? Coming soon. But until then, DeFi’s security challenge? A never-ending comedy of errors. Because nothing says “future of finance” like a system that forgets its own rules.

Read More

2026-02-18 08:36