In a surprising turn of events, the perpetrators More than 93% of the stolen funds were behind the exploit on the Moola market. The funds were returned just hours after the attack on the blockchain-based Celo platform.
Explore the exploit
On October 18 at 16:00 UTC, an attacker began manipulating MOO, Moola Market’s native token. The manipulation was the result of repeated bartering and borrowing. An investigation was conducted by a blockchain security firm Chop.
The investigation initially identified the attacker funded her/his account with CELO and continued with to buy large amounts of MOO. This led to a price increase given the low liquidity of the token.
🚨 @Moola_Market Minutes in the Celo (@CeloOrg) ecosystem was exploited for $9.1 million nearly 5 hours ago
Here are the details of the exploit:
…
— Hacken🇺🇦 (@hackenclub) October 18, 2022
The inflated MOO tokens were then used as collateral borrow more CELO coins. This was followed by an exchange for MOO tokens, which led to a further increase in price. This cycle repeated several times, taking MOO from $0.018 to $0.65.
Eventually, with this hoard of inflated MOO tokens, the attacker borrowed 8.82 million CELO, 1.85 million MOO, cEUR 765,000 and cUSD 644,000. By the time the dust settled, the Moola market had been exploited to the tune of nearly $9.1 million.
Negotiations with the hacker…
The Moola Market team responded quickly to the exploit. Within minutes of the attack becoming public, all activity on the platform was halted and law enforcement involved.
The platform shared a message for the attacker via its Twitter platform. Moola’s message informed the hacker of the steps taken to avoid liquidation of the stolen funds. The prospect of a bounty was also mentioned.
We are actively investigating an incident on @Moola_Market. All activity on Moola has been paused. Please do not trade mTokens.
To the exploiter, we have contacted law enforcement and have taken steps to make the liquidation of the funds more difficult. We are ready to have a…
— Moola Market 🐮 (@Moola_Market) October 18, 2022
The attacker came forward within 10 minutes of Moola Market’s tweet and the team negotiated the return of over 93% of the stolen funds. That put the amount somewhere in the neighborhood of half a million dollars.
Moola Market also clarified that it will take steps to prevent such exploits in the future.
“A governance vote is currently underway for Proposal ID 9 to lower the LTV and liquidation threshold governing the use of MOO as collateral, effectively removing it as a viable collateral asset.” The team tweeted.
The team stated that the proposal would address vulnerabilities associated with the attack on the platform. Furthermore, approval of this proposal would allow it to resume operations in a safe manner.
The crypto community pointed out that the Moola Market exploit bore an uncanny resemblance to the one used by mango markets fell victim last week. This month has been named Hacktober thanks to a series of exploits that have caused a collective loss of over a billion dollars.
