Moonwell suffers governance attack; attackers attempt to control over a million dollars with only $1,800.

The DeFi lending protocol Moonwell is facing a governance attack on its Moonriver deployment. An unknown attacker spent approximately $1,800 to purchase about 40 million MFAM tokens, completing the purchase, initiating a proposal, and getting it approved in about 11 minutes. The attacker attempted to transfer administrator privileges for seven core contracts, including lending markets, controllers, and oracles, to their controlled contract, thereby potentially withdrawing approximately $1.08 million in user funds. The proposal is currently in voting until March 27th. An early quorum was reached, but the "no" votes prevailed, and the final outcome depends on the remaining votes and coordination. Moonwell can also veto the proposal and regain control through an emergency multisignature "Break Glass Guardian."