On Tuesday, Moola Market, a lending protocol on the Celo blockchain, suffered an $8.4 million exploit. Hours later, the attacker returned 93.1% of the stolen funds ($7.8 million) to Moola's wallet.
"Following today's incident, 93.1% of the funds have been returned to the Moola governance multi-sig," the team tweeted.
The attacker kept the remaining funds, some 700,000 CELO tokens ($518,000), as a negotiated bounty reward that the team had previously offered.
How the Moola attack unfolded
The attacker took advantage of the low liquidity of MOO, the native token on Moola's lending protocol on the Celo blockchain. They inflated the value of MOO on a decentralized exchange called Ubeswap and leveraged the tokens as collateral to drain user assets deposited into the protocol, according to Igor Igamberdiev.
More specifically, the attacker started out with 243,000 CELO tokens ($182,000) held in their address on the Celo network. The next step was depositing 60,000 CELO tokens on Moola and borrowing 1.8 million MOO tokens. The attacker then used their remaining CELO tokens to rapidly inflate the price of MOO.
The perpetrator moved on to leverage the increased value of their MOO tokens as collateral to borrow other assets in a loop. By using just $182,000 in CELO, they were able to drain 8.8 million CELO ($6.5 million), 765,000 cEUR ($700,000), 1.8 million MOO ($600,000), and 644,000 cUSD ($600,000) from Moola Market, per on-chain transactions.
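The valuation gap described above, as an added example that is not code from Moola, Ubeswap or the article's sources. It assumes a constant-product pool with a 0.3% swap fee and constructed reserves (100,000 CELO / 1,000,000 MOO), and compares the spot-price mark of 1.8 million MOO collateral with what the pool could actually pay a liquidator; the Pool class, collateral_value and scenario are hypothetical names.

```python
# Added example, not Moola or Ubeswap code. Pool reserves are constructed;
# the 0.3% fee and constant-product pricing are assumptions about the DEX.
from dataclasses import dataclass

FEE = 0.003  # assumed swap fee


@dataclass
class Pool:
    celo: float  # CELO reserve
    moo: float   # MOO reserve

    def spot(self) -> float:
        """Marginal price, CELO per MOO: what a naive oracle would read."""
        return self.celo / self.moo

    def buy_moo(self, celo_in: float) -> float:
        """Swap CELO for MOO along x*y=k; mutates reserves, returns MOO out."""
        eff = celo_in * (1 - FEE)
        moo_out = self.moo * eff / (self.celo + eff)
        self.celo += celo_in
        self.moo -= moo_out
        return moo_out

    def quote_sell_moo(self, moo_in: float) -> float:
        """CELO a liquidator would receive for selling moo_in (no mutation)."""
        eff = moo_in * (1 - FEE)
        return self.celo * eff / (self.moo + eff)


def collateral_value(pool: Pool, moo_amount: float) -> float:
    """Conservative mark: never above what the pool can actually pay out."""
    return min(moo_amount * pool.spot(), pool.quote_sell_moo(moo_amount))


def scenario() -> dict:
    pool = Pool(celo=100_000, moo=1_000_000)   # constructed thin pool
    before = pool.spot()
    pool.buy_moo(243_000 - 60_000)             # CELO left after the deposit
    collateral = 1_800_000                     # MOO borrowed, per the article
    return {
        "price_multiple": pool.spot() / before,
        "spot_mark": collateral * pool.spot(),
        "safe_mark": collateral_value(pool, collateral),
        "pool_celo": pool.celo,
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k:15s} {v:,.2f}")
```

With these constructed reserves the spot mark is several times larger than the liquidation-realizable value, which is the gap a lender exposes when it accepts thin-liquidity collateral at DEX spot price.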
While the project has recovered most of its funds, the activity on the lending protocol remains paused for the time being. The lending service will be resumed only after community discussions on the next steps, the team noted. Moola Market raised $1.4 million in a seed round led by Polychain Capital and Flori Ventures in March 2021.