Moola Market attacker returns most of $9M looted for $500K bounty

Published at: Oct. 19, 2022

An attacker has returned just over 93% of the more than $9 million worth of cryptocurrencies they exploited from the Celo (CELO) blockchain-based decentralized finance (DeFi) lending protocol Moola Market.

At around 6PM UTC on Oct. 18 the Moola Market team tweeted it was investigating an incident and had paused all activity, adding it had contacted authorities and offered a bug bounty to the exploiter if funds were returned within 24 hours.

Analysis of the exploit by Web3 security company Hacken shows the attacker manipulated the price of the protocols’ low-liquidity native MOO token by initially purchasing around $45,000 worth and depositing it as collateral to borrow CELO.

The borrowed CELO, along with further CELO provided by the attacker, was then used as collateral to borrow more MOO, driving up the token’s price. The attacker continued repeating this until the MOO token price had increased by 6,400%.

With the inflated token price, the attacker was able to borrow $6.6 million worth of CELO, $1.2 million of MOO, along with $740,000 of Cello Euros (cEUR) and $644,000 Celo Dollars (cUSD) all worth multiples more than their initial posted collateral resulting in the protocol's loss of around $9.1 million.

Five hours after the initial confirmation of the exploit, Moola Market tweeted it had received just over 93% of the funds exploited, with the attacker seemingly keeping the rest making around $500,000 as a bug bounty.

Following today's incident, 93.1% of funds have been returned to the Moola governance multi-sig. We have continued to pause all activity on Moola, and will follow up with the community about next steps, and to safely restart operations of the Moola protocol. (1/2) https://t.co/UsdN44X70X

— Moola Market (@Moola_Market) October 18, 2022

Moola Market did not immediately respond to Cointelegraph’s request for comment.

The attack draws similarities to the $117 million exploit suffered by Mango Markets on Oct. 11 in which Avraham Eisenberg and his team manipulated the price of the Solana (SOL)-based DeFi protocols’ native token to borrow cryptocurrencies with an undercollateralized backing. Eisenberg negotiated to keep $47 million as a “bounty.”

Related: BNB Chain responds with next steps for cross-chain security after network exploit

Multi-chain cryptocurrency wallet BitKeep also suffered an exploit late on Oct. 17 with an attacker making off with $1 million worth of Binance Coin (BNB) through a service used to swap tokens, BitKeep says it will fully reimburse any affected users.

The attacks are the latest in a series of exploits to have taken place in October which has also shaped up to be the biggest month ever for hacking activity with the total hacked value reaching around $718 million up until Oct. 12 according to analytics firm Chanalysis.

Tags
Defi
Tokens
Hacks
Hackers
Lending
Celo
Related Posts
After Mango Market exploit, Compound pauses four tokens to protect against price manipulation
Decentralized lending protocol Compound has paused the supply of four tokens as lending collateral on its platform, aiming to protect users against potential attacks involving price manipulation, similar to the recent $117 million exploit from Mango Market's, according to a proposal on Compound's governance forum. With the pause, users will not be able to deposit yearn finance (YFI), 0x (ZRX), basic attention token (BAT) and maker (MKR) tokens as collateral to take loans. The proposal passed on Oct. 25 with 99% of all voters in favor. It stated: "An oracle manipulation-based attack analogous to the one that cost Mango Markets …
Altcoin / Oct. 25, 2022
Furucombo to issue iouCOMBO tokens to repay victims of $15M exploit
Decentralized finance transaction combination tool Furucombo will compensate the victims of a recent “evil contract” exploit that cost the protocol $15 million in stolen funds. Following an internal call with affected users last week, Furucombo released a compensation plan Tuesday, announcing that they will issue 5 million iouCOMBO tokens to the victims of the breach. Issued in the form of ERC-20 tokens, iouCOMBO tokens will represent the rights to claim Furucombo’s COMBO tokens in the recovery pool. Out of a total of 100 million COMBO tokens, 5 million coins have been allocated to the recovery pool, and are subject to …
Technology / March 9, 2021
Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct
In a rare comedic bungle among decentralized finance (DeFi) exploits, an attacker has fumbled their heist at the finish line leaving behind over $1 million in stolen crypto. Just after 8:00 am UTC on Thursday, blockchain security and analytics firm BlockSec shared it had detected an attack on a little-known DeFi lending protocol called Zeed, which styles itself a “decentralized financial integrated ecosystem.” The attacker exploited a vulnerability in the way the protocol distributes rewards, allowing them to mint extra tokens, which were then sold, crashing the price to zero, but netting just over $1 million for the exploiter. Blockchain …
Defi / April 22, 2022
DeFi attacks are on the rise — Will the industry be able to stem the tide?
The decentralized finance (DeFi) industry has lost over a billion dollars to hackers in the past couple of months, and the situation seems to be spiraling out of control. According to the latest statistics, approximately $1.6 billion in cryptocurrencies was stolen from DeFi platforms in the first quarter of 2022. Furthermore, over 90% of all pilfered crypto is from hacked DeFi protocols. These figures highlight a dire situation that is likely to persist over the long term if ignored. Why hackers prefer DeFi platforms In recent years, hackers have ramped up operations targeting DeFi systems. One primary reason as to …
Adoption / May 14, 2022
Nomad releases bridge relaunch guide after patching contract vulnerability
The Nomad token bridge announced its relaunch guide after fixing the contract vulnerability that led to a $190 million exploit in August. According to a blog post from Dec. 7, the Nomad protocol will allow users to bridge back madAssets and access a pro-rata share of recovered funds. A redesign for the token bridge was also implemented by the Nomad team, said the company, explaining that without this redesign, the "first people to bridge back their madAssets would receive canonical tokens on a one-to-one basis until there were no canonical tokens left." To avoid this first-come, first-serve approach, the team …
Defi / Dec. 8, 2022