Defi Platform Moola Exploited for $8.4 Million in Incident Described as ‘Incredibly Simple Attack’

Moola, a decentralized finance (defi) lending and borrowing platform, was recently exploited for $8.4 million in what has been described as an “incredibly simple attack.” Moola responded to the attack by pausing all activity on the platform. The defi platform also told the attacker(s) it was willing to negotiate a “bounty payment in exchange for returning the funds within the next 24 hours,” and Moola Market has since claimed that “93.1% of funds have been returned to the Moola governance multi-sig.”

The decentralized finance (defi) lending platform Moola has become the latest such platform to be breached and digital assets worth $8.4 million were siphoned in what has been described as “an incredibly simple attack.” According to a Twitter user named Igor Igamberdiev, the digital assets that the attacker made off with include 8.8 million CELO ($6.5 million) and 1.8 MOO ($0.6 million) tokens as well as euro and dollar stablecoins valued at $1.3 million.

1/3

Today @Moola_Market has been exploited for $8.4M:

– 8.8M CELO ($6.5M)
– 765k cEUR ($0.7M)
– 1.8M MOO ($0.6M)
– 644k cUSD ($0.6M)

It was an incredibly simple attack pic.twitter.com/mSRNaMBwQi

— Igor Igamberdiev (@FrankResearcher) October 18, 2022

Explaining how the incident went down, Igamberdiev revealed the attacker initiated the process with 243,000 CELO tokens obtained from Binance. Next, the attacker “lent 60k CELO to Moola and borrowed 1.8M MOO to use them as collateral.” Now left with a little over 180,000 CELO tokens, the attacker(s) then began using these to pump the MOO price as well as “use it as collateral and borrow all other tokens.”

Next, after offers for negotiation, the attacker(s) returned funds to the defi platform’s multi-sig and in the end, they “got 700k CELO as a bug bounty.” Igamberdiev added that the attackers had “already tried to move 50k of them to the multi-sig created by Impact Market.”

Following the attack, Moola Market issued a statement acknowledging the attack and its willingness “to negotiate a bounty payment in exchange for returning the funds within the next 24 hours.” In addition to pausing all activity on Moola, the defi platform told the attacker that contact had been made with law enforcement and that steps have been taken to make it difficult for the attackers to liquidate the tokens.

Following today's incident, 93.1% of funds have been returned to the Moola governance multi-sig. We have continued to pause all activity on Moola, and will follow up with the community about next steps, and to safely restart operations of the Moola protocol.

— Moola Market (@Moola_Market) October 19, 2022

In a tweet, the defi platform also claimed that over 93% of the funds had already been returned to its governance multi-sig and that the community will be informed of the next steps.

Meanwhile, in a response to Igamberdiev’s tweet, another user named Marco $Pact claimed that their protocol — Impact Market — had received the funds from the attacker.

“I can confirm that those 50K CELO were sold for cUSD and donated through
Impact Market to support thousands of families from 30+ developing countries living in vulnerability as unconditional basic income,” Marco $Pact tweeted.

While Marco $Pact claims to have seen the incident happening, the Twitter user insists they “were not involved in this.”

What are your thoughts on this story? Let us know what you think in the comments section below.