It has been reported that on Oct. 19, DeFi liquidity protocol Moola tweeted that it was investigating an incident and had paused operations of the platform. Web3 security firm Hacken looked into the exploit revealing that $9.1 million had been stolen from the Celo blockchain-based platform. The attacker funded an account with CELO tokens and used them to buy large amounts of MOO tokens which caused prices to climb due to low liquidity. The attacker borrowed more CELO using MOO collateral, repeating this cycle and pushing up the prices. A huge loan was taken out at these inflated prices.
The full story can be found here: https://beincrypto.com/benevolent-moola-market-defi-hacker-returns-9m-exploited-funds/
In the 11th major crypto hack this month so far, hackers made off with around $9.1 million from DeFi platform, Moola Market. According to Comparitech’s crypto heist tracker, this takes the total stolen in October 2022 to nearly $270 million. The hacker was able to manipulate the price of the MOO token by purchasing around $45,000 of the token before using this as collateral to borrow CELO. The attacker then used CELO as collateral to borrow more MOO, increasing the token price due to low liquidity. This step was repeated until the hacker was able to borrow around $9.1 million.
However, as we are seeing in many of these new heists, it is reported that the hacker has returned all but $500k to the platform, keeping the rest as a “reward” for recognizing the vulnerability. In last week’s hack on Mango Markets, which was of a similar style to this one, the hacker negotiated a bounty of $47m from the $117m exploited from the platform.
So far this year we have seen 141 crypto heists worth an estimated $2.55 billion. Last year we saw 132 attacks with losses of $2.74 billion.