Defi Platform Moola Exploited for $8.4 Million in Incident Described as ‘Incredibly Simple Attack’ – Security Bitcoin News

Moola, a decentralized finance (defi) lending and borrowing platform, was recently exploited for $8.4 million in what has been described as an “incredibly simple attack.” Moola responded to the attack by pausing all activity on the platform. The defi platform also told the attacker(s) it was willing to negotiate a “bounty payment in exchange for returning the funds within the next 24 hours,” and Moola Market has since claimed that “93.1% of funds have been returned to the Moola governance multi-sig.”

Funds taken from Moola

The decentralized finance (defi) lending platform Moola has become the latest such platform to be breached and digital assets worth $8.4 million were siphoned in what has been described as “an incredibly simple attack.” According to a Twitter user named Igor Igamberdiev, the digital assets that the attacker made off with include 8.8 million CELO ($6.5 million) and 1.8 MOO ($0.6 million) tokens as well as euro and dollar stablecoins valued at $1.3 million.

Igamberdiev described how the incident occurred. The attacker started the operation with Binance’s 243,000 CELO tokens. Next, the attacker “lent 60k CELO to Moola and borrowed 1.8M MOO to use them as collateral.” Now left with a little over 180,000 CELO tokens, the attacker(s) then began using these to pump the MOO price as well as “use it as collateral and borrow all other tokens.”

Next, after offers for negotiation, the attacker(s) returned funds to the defi platform’s multi-sig and in the end, they “got 700k CELO as a bug bounty.” Igamberdiev added that the attackers had “already tried to move 50k of them to the multi-sig created by Impact Market.”

Moola Willingly Negotiated

Following the attack, Moola Market issued a statement acknowledging the attack and its willingness “to negotiate a bounty payment in exchange for returning the funds within the next 24 hours.” In addition to pausing all activity on Moola, the defi platform told the attacker that contact had been made with law enforcement and that steps have been taken to make it difficult for the attackers to liquidate the tokens.

The defi platform claimed in a tweet that 93% of funds were already returned to governance multisig. It also stated that it will inform the community about the next steps.

Meanwhile, in a response to Igamberdiev’s tweet, another user named Marco $Pact claimed that their protocol — Impact Market — had received the funds from the attacker.

“I can confirm that those 50K CELO were sold for cUSD and donated through
Impact Market to support thousands of families from 30+ developing countries living in vulnerability as unconditional basic income,” Marco $Pact tweeted.

While Marco $Pact claims to have seen the incident happening, the Twitter user insists they “were not involved in this.”

Your thoughts? Comment below and let us know how you feel.

Terence Zimwara

Terence Zimwara, a Zimbabwean journalist, writer and author who has been awarded the Zimbabwe Booker Prize. His writings have covered the economic problems of several African countries and how digital currency can offer an escape route.

Images creditShutterstock. Pixabay. Wiki Commons

DisclaimerThe information contained in this article is intended to be informative. This article is not intended to be a solicitation or offer to sell or buy any product, service, or company. is not a provider of investment, tax, legal or accounting advice. This article does not contain any information, products, or advice that can be used to cause or alleged result in any kind of damage.

Get more Crypto News at CFX Magazine