Date: 2022-10-18

An attacker has returned about 93% of the more than $9 million in cryptocurrency that they stole from Moola Market, a decentralized finance (DeFi) lending system on the Celo (CELO) blockchain.

The Moola Market team tweeted at 6 PM UTC on October 18 that it was investigating an incident and had suspended all activity, adding that it had alerted authorities and promising the exploiter a bug bounty if the funds were returned within 24 hours.

We are actively investigating an incident on @Moola_Market. All activity on Moola has been paused. Please do not trade mTokens. To the exploiter, we have contacted law enforcement and taken steps to make it difficult to liquidate the funds. We are willing to negotiate a… — Moola Market (@Moola_Market) October 18, 2022

According to Web3 security firm Hacken’s analysis of the hack, the attacker manipulated the price of the protocol’s low-liquidity native MOO token, initially acquiring about $45,000 worth and posting it as collateral to borrow CELO.

@Moola_Market protocol in the Celo (@CeloOrg) Ecosystem was exploited for $9.1 million almost 5 hours ago. Here are the details of exploit:… — Hacken (@hackenclub) October 18, 2022

The borrowed CELO, coupled with additional CELO supplied by the attacker, was then used as collateral to borrow more MOO, causing the token’s price to rise. The attacker repeated this cycle until the MOO token price had soared by 6,400%.

With the inflated token price, the attacker was able to borrow $6.6 million worth of CELO, $1.2 million worth of MOO, $740,000 worth of Celo Euros (cEUR), and $644,000 worth of Celo Dollars (cUSD), all worth multiples of their initial posted collateral, resulting in a loss of around $9.1 million for the protocol.
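The following added example (not Moola Market's code and not part of the original article) shows why valuing collateral at the manipulated spot price multiplies borrowing power, and how capping the price against a recent average limits it. Only the $45,000 stake and the 6,400% rise come from the article; the loan-to-value ratio, deviation cap, starting price and price history are assumptions constructed for illustration.

```python
from statistics import fmean

INITIAL_STAKE_USD = 45_000   # from the article
PRICE_RISE_PCT = 6_400       # from the article
LTV = 0.5                    # assumed loan-to-value ratio, not Moola's parameter
MAX_DEVIATION = 0.25         # assumed cap: spot may exceed the average by 25%


def guarded_price(spot, history, max_deviation=MAX_DEVIATION):
    """Collateral price: spot, capped relative to the mean of recent prices."""
    if not history:
        raise ValueError("no price history: refuse to value collateral")
    reference = fmean(history)
    return min(spot, reference * (1 + max_deviation))


def borrow_limit(units, price, ltv=LTV):
    """USD value that may be borrowed against `units` of collateral."""
    return units * price * ltv


def should_pause_market(spot, history, max_deviation=MAX_DEVIATION):
    """Detection signal: spot has left the allowed band around the average."""
    reference = fmean(history)
    return abs(spot - reference) > reference * max_deviation


def compare(start_price=1.0, window=12):
    """Borrowing power of the same collateral under each valuation rule."""
    history = [start_price] * window          # constructed calm price history
    units = INITIAL_STAKE_USD / start_price   # tokens bought with the stake
    pumped = start_price * (1 + PRICE_RISE_PCT / 100)  # +6,400% is 65x
    return {
        "before": borrow_limit(units, start_price),
        "spot_oracle": borrow_limit(units, pumped),
        "guarded_oracle": borrow_limit(units, guarded_price(pumped, history)),
        "pause": should_pause_market(pumped, history),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>15}: {value}")
```

The model holds the collateral amount fixed; in the incident the attacker also added collateral on each cycle, so the real borrowing power grew faster than the spot-oracle figure here.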

Five hours after the initial confirmation of the exploit, Moola Market announced that it had received over 93% of the exploited funds, with the attacker apparently keeping the remainder, earning roughly $500,000 as a bug bounty.