In a Wednesday 19th market manipulation attack, Moola Market, a Celo-based decentralized lending and borrowing protocol, was drained of $10 million worth of tokens. Surprisingly, the attacker has since returned 93% of the stolen funds.
The team behind the protocol first noticed the incident almost an hour after the anonymous attacker began manipulating the price of its native MOO token on Ubeswap.
The perpetrator was able to manipulate the MOO TWAP price oracle used by the Moola protocol to borrow large amounts of cUSD, cEUR, and CELO against their supposed MOO collateral, completely draining the protocol of funds.
However, shortly after Moola Market posted on Twitter that it was aware of the incident and had contacted law enforcement, the hacker got in touch with the platform with proof that they had the funds. After a few hours, Moola Market managed to persuade them to return 93% of the funds.
On top of that, the hacker sent a portion of the remaining funds to ImpactMarket, a company that provides tools such as universal basic income to financially underbanked communities around the world.
In the wake of the incident, Moola Market has submitted a proposal that would effectively remove MOO as a viable collateral asset.
The Moola Market exploit bears similarities to the attack on Mango Markets last week, in which a hacker was able to cause a spike in Mango’s collateral value in order to take out massive loans from the Mango treasury, thereby draining the protocol of funds.
In terms of DeFi hack events, October has been the worst month in crypto history, as more than $800 million has already been drained from various protocols and tools.
On the Flipside
- It’s unclear who was behind the attack, or what their intentions may have been.
Why You Should Care
Recently, hackers have heavily targeted decentralized finance protocols and other crypto projects. We recommend that investors double-check the security of the protocols they’re funds are held in.