Moola Market Loses $8.4 Million in an ‘Incredibly Simple Attack’

Last Updated:
Defi_Platform_Moola_Exploited_For_$8_4_Million_In_Incident_Described
  • Moola Market suffered a cyber-attack exploiting over $8.4 million.
  • The DeFi platform managed to retrieve 93.1% of the exploited funds.
  • A tech lead at Arbitrum saved BitBTC nearly $200 billion from a potential exploit.

DeFi lending and borrowing platform Moola Market suffered a cyber-attack and was exploited for $8.4 million. The hackers manipulated the price of the native token MOO on Ubeswap on October 18, at around 4:04 pm UTC.

The DeFi platform informed its users of the breach on its Twitter handle.

Initial investigations revealed that the attacker used MOO as security and was able to borrow a sizable sum of cUSD, cEUR, and Celo from the protocol, thereby depleting its reserves.

Following the attack, the Moola team contacted authorities and offered a bug bounty to the exploiter if funds were returned within 24 hours. Subsequently, five hours later, Moola tweeted that it had received about 93.1% of the exploited funds. The attacker kept the remaining $500,000 as a bug bounty.

The Moola team officially announced that:

Following today’s incident, 93.1% of funds have been returned to the Moola governance multi-sig. We have continued to pause all activity on Moola and will follow up with the community about the next steps, and to safely restart operations of the Moola protocol

As of now, the trading activities on Moola remain suspended and the team is trying to restore functionality to the Moola protocol and ensure that updated measures are in place to prevent the incident from repeating.

On the other hand, Lee Bousfield, a tech lead at Arbitrum, helped prevent the latest such near-miss by publicly pointing out a vulnerability in BitBTC’s Optimism bridge, following an entire year of “successful” robberies. Bousfield saved BitBTC nearly $200 billion, which could have been lost in the exploit.

The techie added that the Optimism layer-2 blockchain bridge facilitates withdrawals of any token from a corresponding layer-1 wallet. Whereas, the BitBTC code does not acknowledge what the layer-2 token is — and mints an arbitrary layer-1 to match.

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.

CoinStats ad

Latest News