Moola Market Attacker Returns 93% of Stolen Funds

  • The attacker was able to manipulate the price of the protocol’s native MOO token, which he then used as collateral to borrow more than $9 million from the platform.
  • The Moola Market team was able to contact the attacker, who shortly after returned 93% of the stolen funds, and kept the remaining as bug bounty.


Celo-based decentralized finance (DeFi) lending protocol Moola Market was exploited for roughly $9 million, though the attacker later returned a large portion of the funds, the platform said via Twitter on 19 October.

The team behind Moola Market first reported the attack around 6:00 pm UTC on Tuesday, when they paused all activity on the protocol to limit the damages. The platform also noted it had contacted law enforcement and “taken steps to make it difficult to liquidate the funds”, as well as offered the attacker a bug bounty payment if the funds were returned in the next 24 hours.

According to Moola Market’s investigation, the attacker was able to manipulate the price of the platform’s native MOO token by using it as collateral to borrow CELO, which was then used as collateral to borrow more MOO. By repeating this process multiple times, the exploiter was able to drive the token’s price up significantly, and increase it by 6,400% of its original value.

The attacker eventually used the inflated token price to borrow $6.6 million worth of CELO, $1.2 million of MOO, $740,000 Cello Euros (cEUR), and $644,000 Celo Dollars (cUSD), effectively draining the protocol’s funds. All activities on the platform were paused around this time.

Shortly after the initial announcement, the Moola Market team confirmed it was in contact with an individual claiming to be the attacker, which was easily confirmed. The team then revealed the attacker had returned a little over 93% of the stolen funds after some negotiations, seemingly keeping the remaining $500,000 as a bug bounty.

There is currently a governance proposal on Moola Market, which if passed will prevent similar attacks in the future by lowering the liquidation levels that govern MOO’s use as collateral, effectively “removing it as a viable collateral asset”.

This incident is very similar to the $117 million Mango Markets exploit last week, which saw an attacker manipulate the price of the MNGO token, and then used the inflated collateral value of his account to take out massive loans. Shortly after, blockchain analytics firm Chainalysis revealed that this October has become the largest month for crypto-related crime in history.

Related Coverage
Hacker Drains $100M from DeFi Platform Mango Markets
  • The attacker was able to manipulate the price of MNGO, which increased the collateral value of his account and allowed him take out massive loans.
  • The individual has proposed to send back the stolen funds if Mango Markets agrees to pay back bad debt using its remaining USDC and not pursue a criminal investigation.
October 12, 2022, 9:42 AM