web3 security

The attacker has scored about a half-million dollar “bug bounty” after choosing to return a majority of the cryptocurrency they exploited from the Celo-based lending protocol.

An attacker has returned just over 93% of the more than $9 million worth of cryptocurrencies they exploited from the Celo (CELO) blockchain-based decentralized finance (DeFi) lending protocol Moola Market.

At around 6PM UTC on Oct. 18 the Moola Market team tweeted it was investigating an incident and had paused all activity, adding it had contacted authorities and offered a bug bounty to the exploiter if funds were returned within 24 hours.

Analysis of the exploit by Web3 security company Hacken shows the attacker manipulated the price of the protocols’ low-liquidity native MOO token by initially purchasing around $45,000 worth and depositing it as collateral to borrow CELO.

The borrowed CELO, along with further CELO provided by the attacker, was then used as collateral to borrow more MOO, driving up the token’s price. The attacker continued repeating this until the MOO token price had increased by 6,400%.

With the inflated token price, the attacker was able to borrow $6.6 million worth of CELO, $1.2 million of MOO, along with $740,000 of Cello Euros (cEUR) and $644,000 Celo Dollars (cUSD) all worth multiples more than their initial posted collateral resulting in the protocol's loss of around $9.1 million.

Five hours after the initial confirmation of the exploit, Moola Market tweeted it had received just over 93% of the funds exploited, with the attacker seemingly keeping the rest making around $500,000 as a bug bounty.

Following today's incident, 93.1% of funds have been returned to the Moola governance multi-sig. We have continued to pause all activity on Moola, and will follow up with the community about next steps, and to safely restart operations of the Moola protocol. (1/2) https://t.co/UsdN44X70X

— Moola Market (@Moola_Market) October 18, 2022

Moola Market did not immediately respond to Cointelegraph’s request for comment.

The attack draws similarities to the $117 million exploit suffered by Mango Markets on Oct. 11 in which Avraham Eisenberg and his team manipulated the price of the Solana (SOL)-based DeFi protocols’ native token to borrow cryptocurrencies with an undercollateralized backing. Eisenberg negotiated to keep $47 million as a “bounty.”

Related: BNB Chain responds with next steps for cross-chain security after network exploit

Multi-chain cryptocurrency wallet BitKeep also suffered an exploit late on Oct. 17 with an attacker making off with $1 million worth of Binance Coin (BNB) through a service used to swap tokens, BitKeep says it will fully reimburse any affected users.

The attacks are the latest in a series of exploits to have taken place in October which has also shaped up to be the biggest month ever for hacking activity with the total hacked value reaching around $718 million up until Oct. 12 according to analytics firm Chanalysis.