Page 95 - Cyber Defense eMagazine December 2022 Edition
P. 95
Moola Market Manipulation
Why Liquidity Matters for Lending Protocols
By Professor Ronghui Gu, Co-Founder, CertiK
On October 18, 2022, Moola Market – a non-custodial liquidity protocol operating on the Celo blockchain
– suffered a loss of approximately $8 million. The incident was the result of an attacker manipulating the
price of the platform’s native $MOO token, which allowed them to use the inflated price of their $MOO
collateral to borrow additional tokens from the platform.
The attack flow was nearly identical to the Mango Markets incident that occurred the week prior, in which
an attacker also borrowed the illiquid native token of the lending platform, manipulated the price higher,
and then used this newly inflated value of their collateral to borrow an outsized amount of the protocol’s
assets.
In both cases, the attacker returned most of the funds they had obtained. Moola Markets negotiated with
the attacker, who returned 93.1% of the funds in return for a $500,000 bounty payment. While this
prevented Moola liquidity providers from being as negatively impacted as they could have been, DeFi
Cyber Defense eMagazine – December 2022 Edition 95
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.