BlockBeats News, March 26 — According to The Block, the DeFi lending protocol Moonwell is experiencing a governance attack. An attacker spent approximately $1,800 to buy about 40 million MFAM tokens, completed the purchase, submitted a proposal, and voted to approve it within about 11 minutes. The attacker aims to transfer admin rights of seven lending markets, controllers, and oracles—core contracts—into their control contract, potentially allowing them to extract around $1.08 million of user funds.
The proposal voting will continue until March 27. Early voting has reached the quorum, with opposition votes currently leading, but the final outcome still depends on remaining votes and coordination. Moonwell can also use an emergency multi-signature “Break Glass Guardian” to veto the proposal and reclaim control.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Venus Protocol 攻擊者轉移 2301 枚 ETH,流入 Tornado Cash 清洗
According to the on-chain analyst Ai Auntie’s monitoring on April 22, the Venus Protocol attacker transferred 2,301 ETH (about $5.32 million) to address 0xa21…23A7f 11 hours ago, then moved the funds in batches into the crypto mixer Tornado Cash for laundering; as of the time of monitoring, the attacker still held about $17.45 million worth of ETH on-chain.
MarketWhisper3m ago
CometBFT zero-day vulnerability exposed, $8.0 billion Cosmos network nodes face a risk of permanent lockup
Security researcher Doyeon Park disclosed on April 21 that there is a high-severity zero-day vulnerability rated CVSS 7.1 in the Cosmos consensus layer CometBFT. It could allow a malicious peer node to attack nodes during the block synchronization (BlockSync) stage and cause them to deadlock, impacting a network that safeguards more than $8 billion in assets.
MarketWhisper9m ago
North Korean Lazarus Group Releases New Mach-O Man macOS Malware Targeting Crypto
Summary: Lazarus Group released a native macOS malware toolkit named Mach-O Man, aimed at crypto platforms and high-value executives; SlowMist warns users to exercise caution against attacks.
Abstract: The article reports that the Lazarus Group has unveiled Mach-O Man, a macOS-native malware toolkit aimed at cryptocurrency platforms and high-value executives. SlowMist warns users to exercise caution to mitigate potential attacks.
GateNews38m ago
A Bitcoin toll scam appeared in the Strait of Hormuz, and after a ship paid, it was still shelled
According to CoinDesk on April 22, the Greek maritime risk services company Marisks issued a warning, saying scammers are impersonating Iranian authorities to send messages to multiple shipping companies and requesting Bitcoin or USDT as a “toll” to pass through the Strait of Hormuz. Marisks confirmed that the relevant messages are not coming through official Iranian channels, and, according to Reuters, said it believes at least one vessel was deceived and was still shelled when it tried to pass over the weekend.
MarketWhisper42m ago
RHEA Finance Security Incident Update: About a $400k shortfall remains, with a commitment to fully compensate it
RHEA Finance has released a follow-up update regarding the security incident on April 16, confirming that there has been tangible progress in recovering assets. As of this update, it is estimated that there is still an approximately $400k funding gap, mainly due to the combination of NEAR, USDT, and USDC in the lending market liquidity pool. RHEA Finance has committed to fully cover any remaining shortfall to ensure that all affected users receive full compensation.
MarketWhisper58m ago
Researcher Discloses Critical CVSS 7.1 Zero-Day Vulnerability in Cosmos Consensus Layer CometBFT
Security researcher Doyeon Park disclosed a CVSS 7.1 zero-day in Cosmos' CometBFT causing potential node freezes during sync; vendor resistance, downgrades, and disclosure led to April 21 reveal; validators should avoid restarts before patch.
Abstract: Security researcher Doyeon Park disclosed a critical CVSS 7.1 zero-day vulnerability in Cosmos' CometBFT consensus layer that could cause nodes to freeze during block synchronization, potentially affecting networks securing over $8 billion in assets. The vulnerability cannot directly steal funds. Park pursued coordinated disclosure beginning Feb 22, but faced vendor resistance to public disclosure and issues with HackerOne. The vendor downgraded a related vulnerability (CVE-2025-24371) to informational on Mar 6, prompting Park to release a network-level proof-of-concept before public disclosure on Apr 21. The advisory recommends Cosmos validators avoid restarting nodes until patches are released; nodes already in consensus may continue but restart and resync could expose them to attacks by malicious peers, risking deadlock.
GateNews1h ago
