In a surprising turn of events, the culprit behind the Moola Market exploit yielded more than 93% of the stolen money. The money was returned just hours after the attack on the Celo blockchain-based platform.
Explore the exploit
On October 18, at 4:00 PM UTC, an attacker began manipulating MOO, Moola Market’s native token. The manipulation was the result of repeated swaps and loans. An investigation has been conducted by blockchain security firm hacking.
The investigation revealed that the attacker initially funded her/his account with CELO, and went on to: purchase large amounts of MOO. This led to a price spike given the token’s low liquidity.
Here are the details of exploit:
— Hacking🇺🇦 (@hackingclub) October 18, 2022
The inflated MOO tokens were then used as collateral to to lend more CELO coins. This was then followed by an exchange for MOO tokens, which caused a further price increase. This cycle was repeated several times, causing MOO to rise from $0.018 to $0.65.
Finally, with this wealth of inflated MOO tokens, the attacker borrowed 8.82 million CELO, 1.85 million MOO, 765,000 cEUR and 644,000 cUSD. When the dust settled, Moola Market had been operated at a cost of nearly $9.1 million.
Negotiating with the hacker…
The Moola Market team responded quickly to the exploit. Within minutes of learning about the attack, all activity on the platform was paused and the police were called in.
The platform shared a message for the attacker via its Twitter platform. Moola’s message informed the hacker of the steps being taken to prevent the stolen funds from being liquidated. The prospect of a premium was also mentioned.
We are actively investigating an incident on: @Moola_Market. All activities on Moola are paused. Please do not trade mTokens.
For the exploiter, we contacted the police and took steps to make liquidating the money difficult. We are willing to negotiate a…
— Moola Market 🐮 (@Moola_Market) October 18, 2022
The attacker contacted Moola Market within ten minutes of the tweet, and the team negotiated the return of more than 93% of the misused funds. This brought the amount to somewhere in the neighborhood of half a million dollars.
Moola Market also made it clear that it will take steps to prevent such exploits in the future.
“A board vote is currently underway for proposal ID 9 to lower the LTV and liquidation threshold for using MOO as collateral, effectively removing it as a viable collateral.” the team tweeted.
The team explained that the proposal would address vulnerabilities associated with the attack on the platform. In addition, the adoption of this proposal would allow it to resume operations in a safe manner.
The crypto community pointed out that Moola Market’s exploit bore an uncanny resemblance to the one that mango markets fell victim to last week. This month has been named Hacktober, thanks to a series of exploits that have caused a collective loss of more than a billion dollars.
This post Moola Markets Exploit: October Has Become ‘Hacktober’ for the Crypto Market
was published first on https://ambcrypto.com/moola-markets-exploit-its-an-october-turned-hacktober-for-the-crypto-market/