On October 18, 2022, Moola Market was exploited for $9.1 million. The exploit drained multiple tokens, including 8.8 million $CELO tokens valued at $6.6 million, 765k $cEUR tokens worth $0.7 million, 1.8 million $MOO tokens worth $1.2 million, and 644k $cUSD tokens worth $0.6 million.
The attacker manipulated the price of the low-liquidity native $MOO token by acquiring a portion of it, and then used it as collateral to borrow $CELO tokens back and forth to take away the funds. The exploit did not require the creation of a new smart contract.
After the announcement of the incident, the team halted all activity on Moola. The team tweeted that they had informed law enforcement agencies and taken steps to make liquidating the assets difficult.
A bounty payment was also announced in exchange for returning the funds within 24 hours of the incident, after which 93.1% of the stolen funds were returned to the Moola governance multi-sig. The attacker appears to have kept the remaining funds, earning around $500,000 as a bug bounty.
Price manipulation results from logical flaws in DeFi applications; therefore, it is necessary to examine multiple smart contracts and comprehend the high-level semantics of DeFi applications in order to detect it.
A team can also mitigate these risks to a greater extent by using oracles such as Chainlink.
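The following added example (not code from Moola or Neptune Mutual) models why valuing thin-liquidity collateral at raw spot price is fragile, and how a lending-side check against an independent reference price rejects the inflated valuation. It assumes a fee-less constant-product pool, a 50% loan-to-value ratio and a 10% deviation threshold, and uses a one-hour time-weighted average as a stand-in for an external oracle feed; all names and numbers are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product pool (x * y = k): thin collateral token vs. quote token."""
    token: float  # collateral token reserve
    quote: float  # quote token reserve

    def spot(self) -> float:
        return self.quote / self.token

    def buy(self, quote_in: float) -> float:
        """Swap quote in, return collateral tokens out (fees ignored)."""
        k = self.token * self.quote
        self.quote += quote_in
        out = self.token - k / self.quote
        self.token -= out
        return out

def twap(samples):
    """Time-weighted average over (price, seconds_observed) samples."""
    return sum(p * t for p, t in samples) / sum(t for _, t in samples)

def collateral_price(spot, reference, max_deviation=0.10):
    """Return a conservative price, or None when spot strays from the reference."""
    if abs(spot - reference) / reference > max_deviation:
        return None  # caller should pause borrowing against this asset
    return min(spot, reference)

def borrow_limit(amount, price, ltv=0.5):
    """Maximum borrow value for `amount` of collateral; zero if price is rejected."""
    return 0.0 if price is None else amount * price * ltv

def demo():
    # Constructed numbers, not taken from the Moola incident.
    pool = Pool(token=1_000_000, quote=100_000)
    before = pool.spot()                      # 0.10
    bought = pool.buy(100_000)                # one large buy in a thin pool
    after = pool.spot()                       # 0.40
    reference = twap([(before, 3540), (after, 60)])  # one-hour window
    naive = borrow_limit(bought, after)       # values collateral at raw spot
    guarded = borrow_limit(bought, collateral_price(after, reference))
    return {"before": before, "after": after, "reference": reference,
            "naive": naive, "guarded": guarded}

if __name__ == "__main__":
    print(demo())
```

A production lending market would typically pair such a deviation check with per-asset borrow caps, so that a single low-liquidity collateral token cannot back an outsized share of the pool.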
Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol for known and unknown vulnerabilities that have the potential to have catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and feeling of responsibility to do so.
The Neptune Mutual project safeguards the Ethereum community from cyber threats. The protocol uses parametric cover as opposed to discretionary insurance. It has an easy and reliable on-chain claim process. This means that when incidents are confirmed by our community, resolution is fast.
Join us in our mission to cover, protect, and secure on-chain digital assets.