In a surprising turn of events, the perpetrator behind the Moola Market exploit returned more than 93% of the stolen funds. The funds were returned just hours after the attack took place on the Celo blockchain-based platform.
Exploring the exploit
On 18 October, at 4 pm UTC, an attacker started manipulating with MOO, Moola Market’s native token. The manipulation was the result of repeated swaps and borrowings. An investigation was carried out by blockchain security firm Hacken.
The investigation stated the attacker initially funded her/his account with CELO, and proceeded to purchase large amounts of MOO. This led to a price spike given the low liquidity of the token.
🚨 @Moola_Market protocol in the Celo (@CeloOrg) Ecosystem was exploited for $9.1 millions almost 5 hours ago
Here are the details of exploit:
— Hacken🇺🇦 (@hackenclub) October 18, 2022
The inflated MOO tokens were then used as collateral to borrow more CELO coins. This was then followed by a swap for MOO tokens, causing a further price hike. This cycle was repeated several times, which took MOO from $0.018 to $0.65.
Finally, with this hoard of inflated MOO tokens, the attacker borrowed 8.82 million CELO, 1.85 million MOO, 765,000 cEUR, and 644,000 cUSD. When the dust settled, Moola Market had been exploited to the tune of almost $9.1 million.
Negotiating with the hacker…
The Moola Market team was quick to react to the exploit. Within minutes of taking cognizance of the attack, all activities on the platform were paused and law enforcement was roped in.
The platform, via its Twitter platform, shared a message for the attacker. The message from Moola informed the hacker of the steps taken in order to avoid liquidating the stolen funds. The prospect of a bounty was also mentioned.
We are actively investigating an incident on @Moola_Market. All activity on Moola has been paused. Please do not trade mTokens.
To the exploiter, we have contacted law enforcement and taken steps to make it difficult to liquidate the funds. We are willing to negotiate a…
— Moola Market 🐮 (@Moola_Market) October 18, 2022
The attacker reached out within ten minutes of Moola Market’s tweet, and the team negotiated the return of over 93% of the exploited funds. This put the amount of the somewhere in the vicinity of half a million dollars.
Moola Market also clarified that it will undertake measures to prevent such exploits in the future.
“There is a governance vote currently in-flight for proposal ID 9 to reduce LTV and liquidation threshold governing MOO’s use as collateral, effectively removing it as a viable collateral asset.” the team tweeted.
The team explained that the proposal would address the vulnerabilities associated with the attack on the platform. Furthermore, the approval of this proposal would allow it to resume operations in a safe manner.
The crypto community pointed out that the Moola Market exploit bore an uncanny resemblance to the one that Mango Markets fell victim to last week. This month has been dubbed Hacktober, thanks to a series of exploits that have caused a collective loss of over a billion dollars.