Celo Protocol Moola Market Loses Over $10M in Market Manipulation Attack

Over 93% of the stolen funds were returned to the protocol shortly after the attack, developers said.

AccessTimeIconOct 19, 2022 at 6:44 a.m. UTC
Updated Oct 19, 2022 at 2:11 p.m. UTC

Celo-based lending and borrowing protocol Moola Market had over $10 million worth of tokens stolen, and later returned, Wednesday morning after a market manipulation attack.

The exploit was the second of its kind in the last few weeks, with the attackers manipulating the prices of Moola’s native MOO tokens to borrow collateral against their positions – effectively draining the protocol.

Moola developers said the attack started during late Asian hours on Tuesday. “An unknown attacker started manipulating the price of MOO on Ubeswap, allowing the attacker to manipulate the MOO TWAP price oracle used by the Moola protocol,” they wrote. Oracles are third-party services that fetch data from outside a blockchain to within it.

The attacker borrowed a large amount of cUSD and cEUR, two Celo-based stablecoins pegged to U.S. dollar and euro respectively, and CELO from the protocol using MOO as collateral, effectively draining the protocol of its funds. Trading on the platform was stopped at that time.

Developers said they contacted law enforcement shortly after discovering the issue. A while later, an individual identifying as the attacker reached out to the team confirming their involvement. This individual held the private key – a cryptographic value akin to a password for a certain block on the blockchain – to the stolen funds.

Moola said it was then able to negotiate with the attacker. At the time of writing, Moola recovered over 93% of the stolen funds some 12 hours after the incident.

Meanwhile, a governance proposal has been floated by the community to prevent further similar attacks. The protocol seeks to lower the liquidation levels that govern MOO's use as collateral on the platform – effectively “removing it as a viable collateral asset.”

The attack is the latest in a long list of exploits this month. With October already becoming the worst month ever for crypto attacks.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.

Read more about