SNEAK PEEK
- An attacker has recently returned a major segment of the $9 million worth of cryptocurrency exploited from the Celo-based DeFi lending protocol Moola Market.
- Moola Market team revealed that they offered a bug bounty to the exploiter if the stolen funds were returned within 24 hours.
- The attacker was able to borrow $6.6 million worth of CELO, $1.2 million of MOO, $644,000 Celo Dollars, and $740,000 of Cello Euros.
In a recent revelation, it has come to notice that an attacker who stole $9 million worth of cryptocurrency from the Celo-based DeFi lending protocol, Moola Market, has returned a majority of the stolen amount.
Following today’s incident, 93.1% of funds have been returned to the Moola governance multi-sig. We have continued to pause all activity on Moola, and will follow up with the community about next steps, and to safely restart operations of the Moola protocol. (1/2) https://t.co/UsdN44X70X
— Moola Market 🐮 (@Moola_Market) October 18, 2022
As revealed, the attacker has just returned 93% of the $9 million worth of cryptocurrencies stolen from Moola Market, the Celo blockchain-based decentralized finance lending protocol. On October 18, around 6:00 pm UTC, the Moola Market team shared a tweet revealing that they were investigating an incident, and as a reason of that, they paused all activities.
We are actively investigating an incident on @Moola_Market. All activity on Moola has been paused. Please do not trade mTokens.
— Moola Market 🐮 (@Moola_Market) October 18, 2022
To the exploiter, we have contacted law enforcement and taken steps to make it difficult to liquidate the funds. We are willing to negotiate a…
In addition to this, the team revealed that they had contacted authorities and deliberately offered a bug bounty to the exploiter in case the exploiter agreed to return the funds within 24 hours.
🚨 @Moola_Market protocol in the Celo (@CeloOrg) Ecosystem was exploited for $9.1 millions almost 5 hours ago
— Hacken🇺🇦 (@hackenclub) October 18, 2022
Here are the details of exploit:
…
As per an analysis carried out by Hacken, a Web3 security company, it was shown that the attacker manipulated the protocol’s low-liquidity native MOO token’s price by buying around $45k worth of crypto and depositing it as collateral in order to borrow Celo.
Due to the increase in the price of the MOO token by over 6,400% by the attacker’s drive of the price, the attacker was able to borrow $6.6 million worth of Celo, $644,000 Celo Dollars, $1.2 million worth of MOO, and $740,000 worth of Cello Euros.
Just five hours after the initial confirmation of the exploit, it was shared in a Tweet by Moola Market that they had received over 93% of the funds that were exploited. The attacker has seemingly kept the rest of the amount, which makes the bug bounty a total of around $500,000.