Moola Market Exploited for $8.4 Million
The attacker made off with Moola's MOO token and various Celo-related tokens.
- Moola Market has been exploited for $8.4 million, according to reports from researcher Igor Igamberdiev.
- The exploit saw the attacker leverage MOO and CELO tokens to manipulate prices for financial gain.
- Moola Market itself has confirmed the incident and is offering a bounty for the return of funds.
Share this article
DeFi lending platform Moola Market has been exploited for $8.4 million, according to various sources.
Moola Loses $8.4 Million
Yet another DeFi protocol has been exploited for millions of dollars.
This time, the victim protocol is Moola Market, a non-custodial liquidity protocol on Celo. Like other DeFi protocols, Moola allows users to earn compound interest on deposits or to take out over-collateralized loans, delegated loans, and flash loans.
Igor Igamberdiev, a researcher for The Block, broke the news of Moola’s exploit this afternoon by briefly unpacking the $8.4 million attack on the platform in a Twitter thread today.
To attack Moola Market, the exploiter obtained 243,000 CELO from Binance. Next, they lent 60,000 CELO to Moola and borrowed 1.8 million of Moola’s native MOO tokens. Finally, the attacker began to pump the price of MOO, using the remaining CELO as collateral to borrow other tokens.
The hacker gained 1.8 million MOO tokens ($655,000). They also gained various Celo-related tokens and stablecoins including 8.8 million CELO ($6.5 million), 765,000 cEUR ($750,000), and 644,000 cUSD ($639,000).
Moola Market itself has commented on the attack. In a Twitter statement, the project said it is “actively investigating [the] incident” and paused all activity on its platform. It also warned users not to trade mTokens, Moola’s interest-bearing tokens.
Moola also said it had “contacted law enforcement and taken steps to make it difficult to liquidate the funds.” It also offered to pay a bounty payment to the attacker if the funds were returned within 24 hours.
News of the incident comes shortly after an attack on the BitKeep wallet that saw $1 million stolen via BNB Chain.
Other notable attacks this month include a $2.3 million attack on TempleDAO, a $100 million attack on Mango Markets, and a potential $536 million attack on BNB Chain. The high number of recent attacks has led some commentators to style October 2022 as “Hacktober.”
Crypto analytics firm Chainalysis suggested last week that about $718 million has been stolen this month across 11 different attacks—not accounting for today’s incidents.
Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.