The attacker took advantage of the low liquidity of MOO, the native token on Moola’s lending protocol on the Celo blockchain. They inflated the value of MOO on a decentralized exchange called Ubeswap and leveraged the tokens as collateral to drain user assets deposited into the protocol, according to Igor Igamberdiev, research director of data at The Block.
Moola Market, an Ethereum-based lending protocol, suffered a $8.4 million exploit on Tuesday, according to a blog post by the company. The hacker withdrew all funds from Moola’s wallet, leaving only $21,000 in the contract.
The hacker, who goes by the name “drak” on Twitter, began stealing money from Moola on Tuesday. The platform, which is a peer-to-peer lending protocol and exchange, was able to freeze some of the funds before they were withdrawn.
However, drak managed to withdraw roughly $7.8 million worth of Moola tokens (MOU) at one point during the attack, according to data collected by CoinDesk and confirmed by Moola Market founder Peter Williams.
But after a few hours of the attack ending, Williams said that he received an email from drak stating:
“I have just returned all of your coins.”
While the project has recovered most of its funds, the activity on the lending service remains paused for now. The team noted that it will be resumed only after community discussions on next steps are completed.
This is not drak’s first attempt at stealing cryptocurrencies through exploiting critical vulnerabilities in exchange platforms or wallets. He previously hacked Coinbase and Binance and has claimed responsibility for other hacks such as Bitmex and KuCoin.
“This is not how we wanted this news to come out,”writes Moola founder Chris Tse in a blog post released Wednesday morning.”We have been working tirelessly since yesterday afternoon with our partners and exchanges to ensure that no one else gets affected by this breach.”
Moola was founded by Celo, a $22 million blockchain protocol with its own native token. The company’s mission is to give developers and entrepreneurs access to capital through what it calls “liquidity pools.”
Don’t worry, we hate spam too
one weekly digest, just the important stuff.
How about some social? Follow us on Twitter!