Moonwell Vaults offer convenient exposure to Morpho lending yields with professional curation. However, the protocol's track record of three security incidents in twelve months, combined with the discontinued bug bounty and ongoing curator transition, creates elevated risk. The underlying Morpho infrastructure is solid, but Moonwell's integration layer has demonstrated persistent vulnerability to oracle attacks. Only suitable for risk-aware users who closely monitor security developments.
Top Risks
1
Moonwell suffered a $1M oracle exploit in November 2025 where a Chainlink price feed malfunction valued 0.02 wrstETH at $5.8M, enabling the attacker to extract 292 ETH. This is the third major security incident in 3 years, demonstrating persistent vulnerability patterns.
2
Moonwell Vaults deploy capital through Morpho isolated markets controlled by external curators (recently transferred from Block Analitica/B.Protocol to Anthias Labs). Curator decisions directly determine which markets receive vault capital and associated risk exposure.
3
The protocol discontinued its Immunefi bug bounty program earlier in 2025, months before the November 2025 exploit. This signals reduced commitment to proactive security and removes a critical defense layer.
Risk Breakdown
Frequently Asked Questions
Is Moonwell Vaults safe to use?
Moonwell Vaults receives a C risk grade (45/100) from Hindenrank, where lower scores indicate lower risk. Moonwell Vaults offer convenient exposure to Morpho lending yields with professional curation. However, the protocol's track record of three security incidents in twelve months, combined with the discontinued bug bounty and ongoing curator transition, creates elevated risk. The underlying Morpho infrastructure is solid, but Moonwell's integration layer has demonstrated persistent vulnerability to oracle attacks. Only suitable for risk-aware users who closely monitor security developments. Moonwell Vaults is a yield product that deposits your crypto into Morpho lending markets on Base to earn returns from borrower interest. A professional risk curator decides which markets your money goes to and how much goes where, while the vault automatically reinvests your earnings. Think of it as hiring a fund manager who allocates your deposits across different lending opportunities.
What are the main risks of using Moonwell Vaults?
The key risks identified for Moonwell Vaults are: (1) Moonwell has been exploited three times in the past year ($320K in Dec 2024, $1.7M in Oct 2025, $1M in Nov 2025) — a concerning pattern of repeated security failures (2) The protocol discontinued its bug bounty program before the latest exploits, meaning fewer security researchers are looking for vulnerabilities (3) Your money is managed by a risk curator (recently changed from Block Analitica to Anthias Labs) — you are trusting their judgment on which markets are safe (4) The November 2025 exploit was caused by a Chainlink oracle glitch — the same type of failure could happen again
What is Moonwell Vaults's risk score breakdown?
Moonwell Vaults scores 45/100 across eight risk dimensions: Mechanism Novelty: 3/15, Interaction Severity: 10/20, Oracle Surface: 4/10, Documentation Gaps: 3/10, Track Record: 12/15, Scale Exposure: 3/10, Regulatory Risk: 3/10, Vitality Risk: 7/10. The highest risk area is Track Record at 12/15.
How does Moonwell Vaults compare to other Yield protocols?
Among 112 rated Yield protocols on Hindenrank, Moonwell Vaults ranks #102 by safety (lowest risk score = safest). Its 45/100 risk score and C grade place it among the riskier Yield protocols.
Has Moonwell Vaults ever been hacked or exploited?
Moonwell Vaults scores 12/15 on the Track Record risk dimension, indicating some history of security incidents or exploits. Higher scores reflect more severe or frequent incidents. Review the full risk report for details.