Moola Market – a decently sized crypto lending platform – was exploited via price manipulation of its native token, MOO, which has relatively low liquidity. The platform is working on a remedy to avoid future exploits.
Celo-based lending protocol Moola Market had more than $10 million worth of tokens stolen, and then returned, this morning following a market manipulation attack.
The exploit, the second of its kind in recent weeks, saw attackers manipulate the price of Moola’s native MOO token to borrow collateral to bolster their positions – effectively draining the protocol.
Moola developers said the attack began late in Tuesday’s Asian session. “An unknown attacker began manipulating the price of MOO on Ubeswap, which allowed the attacker to manipulate the MOO TWAP price oracle used by the Moola protocol,” they wrote.
Using MOO as collateral, the attackers borrowed large amounts of cUSD and cEUR, two Celo-based stablecoins pegged to the US dollar and euro respectively, and CELO from the protocol, effectively draining its funds. The developers paused trading on the platform at that time.
Attacker Returns Stolen Funds to Moola Market
The developers said they contacted law enforcement shortly after discovering the issue. After a while, someone identifying as the attacker contacted the team to confirm his involvement. This person holds the private key to the stolen funds (an encrypted value, akin to a password, for a blockchain address). The attacker agreed to send the funds back.
The attackers also donated a portion of the unreturned funds to ImpactMarket, a Moola Market escrow institution that provides a Universal Basic Income (UBI) to financially underserved communities around the world.
Moola is currently working on a governance proposal to close the loophole that led to the exploit, and is urging that it be fixed as soon as possible so the system can be restarted. The protocol seeks to lower the liquidation levels that govern MOO’s use as collateral on the platform – effectively “removing it as a viable collateral asset.”
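
The mechanism and remedy described above, modelled as an added example that is not Moola's code: it shows how a short-window TWAP on a thinly traded token inflates borrowing power, and what a zeroed collateral parameter does to it. All prices, amounts, window lengths, the `ltv` parameter and the `guarded_price` deviation cap (which goes beyond what the article describes) are constructed assumptions.

```python
# Added illustration. All prices, amounts, windows and parameter names are
# constructed assumptions, not Moola's real configuration.

# (timestamp_seconds, price): each price holds until the next sample.
# Constructed: a thinly traded token at 0.02 pushed to 0.40 for 30 minutes.
SAMPLES = [(0, 0.02), (84_600, 0.40)]
NOW = 86_400


def twap(samples, window, now):
    """Time-weighted average price over [now - window, now]."""
    start, total = now - window, 0.0
    for i, (t, price) in enumerate(samples):
        t_next = samples[i + 1][0] if i + 1 < len(samples) else now
        lo, hi = max(t, start), min(t_next, now)
        if hi > lo:  # this sample overlaps the averaging window
            total += price * (hi - lo)
    return total / window


def borrow_limit(collateral_units, oracle_price, ltv):
    """Maximum debt the protocol extends against the collateral."""
    return collateral_units * oracle_price * ltv


def guarded_price(samples, now, short=1_800, long=86_400, max_ratio=1.5):
    """Short-window TWAP, capped at max_ratio times the long-window TWAP."""
    return min(twap(samples, short, now), max_ratio * twap(samples, long, now))


if __name__ == "__main__":
    units = 1_000_000
    short = twap(SAMPLES, 1_800, NOW)
    print("short TWAP:", short, "limit:", borrow_limit(units, short, 0.5))
    capped = guarded_price(SAMPLES, NOW)
    print("capped price:", capped, "limit:", borrow_limit(units, capped, 0.5))
    # Remedy described in the article, modelled as a collateral factor of zero.
    print("limit with ltv=0:", borrow_limit(units, short, 0.0))
```

A 30-minute window sees only the inflated price, while the 24-hour window barely moves, which is why the cap cuts the borrowing limit by roughly a factor of ten in this constructed scenario.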