Hacker refunds $7.8 million taken from Moola Market
Hacker refunds $7.8 million taken from Moola Market. The majority of the stolen monies from Moola Market have been restored by the hacker.
Moola Market, a lending platform on the Celo blockchain, was exploited for $8.4 million on Tuesday. Hours later, the attacker restored 93.1% ($7.8 million) of the stolen cash to Moola’s wallet.
The team announced, “Following today’s event, 93.1% of the monies have been restored to the Moola governance multi-sig.”
The attacker retained around 700,000 CELO tokens ($518,000) as a previously agreed bounty money promised by the team.
The attacker used the limited liquidity of MOO, the native token of the Moola lending protocol on the Celo blockchain. According to Igor Igamberdiev, head of research and data at The Block, they inflated the value of MOO on the decentralized market Ubeswap and used the tokens as collateral to drain user money transferred into the system.
In particular, the attacker began with 243,000 CELO tokens ($182,000) in their address on the Celo network. The next stage included putting 60,000 CELO tokens on Moola and borrowing 1,8,000,000 MOO tokens. The attacker then used the remainder of their CELO tokens to dramatically raise the price of MOO.
The offender then used the growing value of their MOO tokens as security to repeatedly borrow additional assets. Using just $182,000 in CELO, they were able to withdraw $6.5 million in CELO, $700,000 in cEUR, $600,000 in MOO, and $600,000 in cUSD from Moola Market, as shown by on-chain transactions.
While the majority of the project’s cash has been recovered, the lending mechanism remains inactive for the time being. The team underlined that the loan service would not be reinstated until the community has discussed the future steps. In March 2021, Moola Market secured $1.4 million in a seed round headed by Polychain Capital and Flori Ventures.