<p><span style="font-weight: 400;">The Moola Market hacker has returned the majority of funds that were stolen through an exploit.</span></p> <p><span style="font-weight: 400;">On Tuesday, Moola Market, a lending protocol on the <a href="https://www.theblock.co/post/157509/celo-blockchain-suffers-a-critical-network-outage">Celo blockchain</a>, suffered an <a href="https://www.theblock.co/post/178109/defi-lending-protocol-moola-markets-hit-by-8-4-million-exploit">$8.4 million</a> exploit. Hours later, the attacker <a href="https://celoscan.io/address/0x95b5579b323ddc6cd290bd4da6e56ba019588efc">returned</a> 93.1% of the stolen funds ($7.8 million) to Moola's wallet. </span></p> <p><span style="font-weight: 400;">"Following today's incident, 93.1% of the funds have been returned to the Moola governance multi-sig," the team tweeted.</span></p> <p><span style="font-weight: 400;">The attacker kept the remaining funds, some 700,000 CELO tokens ($518,000), as a negotiated bounty reward that the team had previously offered. </span></p> <h2><span style="font-weight: 400;">How the Moola attack unfolded</span></h2> <p><span style="font-weight: 400;">The attacker took advantage of the low liquidity of MOO, the native token on Moola's lending protocol on the Celo blockchain. They inflated the value of MOO on a decentralized exchange called Ubeswap and leveraged the tokens as collateral to drain user assets deposited into the protocol, <a href="https://twitter.com/FrankResearcher/status/1582448720985014273">according to</a> Igor Igamberdiev, research director of data at The Block.</span></p> <p><span style="font-weight: 400;">More specifically, the attacker started out with 243,000</span><span style="font-weight: 400;"> CELO tokens ($182,000) held in their address on the Celo network. The next step was depositing 60,000 CELO tokens on Moola and borrowing </span><span style="font-weight: 400;">1.8 million MOO tokens.
The attacker then used their remaining CELO tokens to rapidly inflate the price of MOO.</span></p> <p><span style="font-weight: 400;">The perpetrator moved on to leverage the increased value of their MOO tokens as collateral to borrow other assets in a loop. By using just $182,000 in CELO, they were able to drain 8.8 million CELO ($6.5 million), 765,000 cEUR ($700,000), 1.8 million MOO ($600,000), and 644,000 cUSD ($600,000) from Moola Market, per </span><a href="https://celoscan.io/address/0x95b5579b323ddc6cd290bd4da6e56ba019588efc"><span style="font-weight: 400;">on-chain transactions.</span></a></p> <p>Moola was able to recover $7.8 million in what is turning out to be a normal phenomenon for DeFi exploits. <a href="https://www.theblock.co/data/decentralized-finance/exploits">Estimates</a> from The Block show that of more than $213 million stolen during October, $93 million was later returned by the hackers.</p> <p>While the project has recovered most of its funds, activity on the lending protocol remains paused for the time being. The lending service will be resumed only after community discussions on the next steps, the team noted.</p><br /><span class="copyright"><p>© 2023 The Block Crypto, Inc. All Rights Reserved.</p> </span>
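<p>An added example, not from the article or from Moola's code: a listing-risk check that models why valuing collateral at the spot price of a thin pool is unsafe, as in the sequence described under "How the Moola attack unfolded". The pool reserves, swap fee, loan-to-value ratio and the <code>guarded_price</code> clamp are assumptions made for illustration; only the 1.8 million MOO and the 243,000 and 60,000 CELO figures come from the article.</p>

```python
from dataclasses import dataclass

FEE = 0.003  # assumed 0.3% swap fee on a constant-product pool

@dataclass
class Pool:
    """Constant-product pool (x * y = k); reserves are constructed values."""
    celo: float
    moo: float

    def spot(self) -> float:
        """Spot price of 1 MOO in CELO."""
        return self.celo / self.moo

    def buy_moo(self, celo_in: float) -> "Pool":
        """Return the pool state after swapping celo_in CELO for MOO."""
        effective = celo_in * (1 - FEE)
        moo_out = self.moo * effective / (self.celo + effective)
        return Pool(self.celo + celo_in, self.moo - moo_out)

def borrow_power(moo_collateral: float, price: float, ltv: float) -> float:
    """CELO value a lender would release against the collateral."""
    return moo_collateral * price * ltv

def manipulation_gain(pool: Pool, moo_collateral: float, ltv: float,
                      budget: float) -> float:
    """Extra borrow power unlocked by spending `budget` CELO on the pool."""
    before = borrow_power(moo_collateral, pool.spot(), ltv)
    after = borrow_power(moo_collateral, pool.buy_moo(budget).spot(), ltv)
    return after - before

def guarded_price(spot: float, reference: float, max_dev: float = 0.10) -> float:
    """Clamp the oracle price to within max_dev of a slow-moving reference
    (hypothetical mitigation, not Moola's actual fix)."""
    return min(spot, reference * (1 + max_dev))

# Constructed thin pool; collateral and budget figures are the article's.
POOL = Pool(celo=100_000, moo=400_000)
COLLATERAL_MOO = 1_800_000        # MOO held by the borrower
BUDGET_CELO = 243_000 - 60_000    # CELO left after the initial deposit
LTV = 0.5                         # assumed loan-to-value ratio

if __name__ == "__main__":
    gain = manipulation_gain(POOL, COLLATERAL_MOO, LTV, BUDGET_CELO)
    moved = POOL.buy_moo(BUDGET_CELO).spot()
    print(f"spot price: {POOL.spot():.3f} -> {moved:.3f} CELO per MOO")
    print(f"borrow power gained: {gain:,.0f} CELO for {BUDGET_CELO:,} CELO spent")
    print("listing unsafe" if gain > BUDGET_CELO else "listing safe")
```

<p>A collateral asset is economically manipulable whenever the borrow power gained exceeds the CELO spent moving the price; with the clamp applied, the same swap unlocks less than it costs.</p>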