Celo Protocol Moola Market Loses Over $10M in Market Manipulation Attack

Celo-based lending and borrowing protocol Moola Market saw over $10 million worth of tokens stolen, and later returned, this morning after a market manipulation attack.

The exploit was the second of its kind in the last few weeks, with the attackers manipulating the prices of Moola’s native MOO tokens to borrow collateral against their positions – effectively draining the protocol.

Moola developers said the attack started during late Asian hours on Tuesday. “An unknown attacker started manipulating the price of MOO on Ubeswap, allowing the attacker to manipulate the MOO TWAP price oracle used by the Moola protocol,” they wrote. Oracles are third-party services that fetch data from outside a blockchain to within it.

The attacker borrowed a large amount of cUSD and cEUR, two Celo-based stablecoins pegged to U.S. dollar and euro respectively, and CELO from the protocol using MOO as collateral, effectively draining the protocol of its funds. Trading on the platform was stopped at that time.

We discovered the issue at 4:54pm UTC and promptly created a war room to examine the situation and contacted law enforcement. It was around this time that we posted the following tweet to the community inviting the attacker to reach out: https://t.co/UsdN44X70X

— Moola Market 🐮 (@Moola_Market) October 19, 2022

Developers said they contacted law enforcement shortly after discovering the issue. A while later, an individual identifying as the attacker reached out to the team confirming their involvement. This individual held the private key – a cryptographic value akin to a password for a certain block on the blockchain – to the stolen funds.

Moola said it was then able to negotiate with the attacker. At the time of writing, Moola recovered over 93% of the stolen funds some 12 hours after the incident.

Meanwhile, a governance proposal has been floated by the community to prevent further similar attacks. The protocol seeks to lower the liquidation levels that govern MOO's use as collateral on the platform – effectively “removing it as a viable collateral asset.”

The attack is the latest in a long list of exploits this month. With October already becoming the worst month ever for crypto attacks.