Skip to content
Est. MMXXVIVol. VI · № 273RSS
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 108Oracle Manipulation

Moola Market MOO Pump Drain

$8.4M extracted from Celo's Moola Market: attacker bought MOO with $243K of CELO, pumped it 300x, used as collateral; 93.1% returned for a $500K bounty.

Date
Victim
Moola Market
Chain(s)
Celo
Status
Partially Recovered

On October 18, 2022, the Celo-based lending protocol Moola Market lost approximately $8.4 million — including 8.8M CELO ($6.5M), 765K cEUR ($750K), and 644K cUSD ($639K) — after an attacker pumped the price of Moola's own MOO governance token by approximately 300× and used the inflated MOO as collateral to drain everything else from the protocol. 93.1% of the funds were returned for a $500K bounty.

What happened

Moola Market's lending platform accepted MOO — its own governance token — as collateral, with the MOO/CELO price read from Moola's internal pool. MOO had thin trading liquidity relative to the protocol's other assets, making its price highly manipulable with comparatively small amounts of capital.

The attack required only $243,000 in CELO (purchased from Binance) as initial capital:

  1. Lent 60,000 CELO to Moola.
  2. Borrowed 1.8 million MOO from Moola using the CELO as collateral.
  3. Used the remaining ~183K CELO to pump MOO's price on Moola's internal market — buying MOO aggressively to push the price upward.
  4. The MOO price climbed from ~$0.018 to $5.60 in about an hour — a ~310× increase.
  5. With Moola's oracle now reporting MOO at the inflated price, the attacker deposited the borrowed MOO as collateral (worth nominally $10M+ at the manipulated rate) and borrowed every other asset in Moola's reserves — CELO, cEUR, cUSD — totalling ~$8.4M.
  6. Walked away, leaving Moola with inflated-value MOO as the only backing for the stolen loans.

When MOO's price normalised post-attack, Moola was left massively under-collateralised across its asset markets.

Aftermath

  • Moola paused operations and engaged the attacker via on-chain messages offering a bug-bounty settlement.
  • After negotiation, the attacker returned 93.1% of the stolen funds for a $500,000 bounty payment.
  • The protocol resumed operations with redesigned oracle dependencies and reduced MOO's acceptance as collateral.

Why it matters

The Moola Market incident is the textbook case for why a protocol should never use its own native token's oracle from its own market. The combination of:

  • Self-referential pricing (Moola's MOO price came from Moola's own pool).
  • Thin liquidity (MOO had small market depth).
  • Self-collateral acceptance (Moola let MOO be used as collateral on Moola).

...creates a closed loop where the attacker controls every step of the price-discovery and collateral-valuation pipeline. The fix is well-documented: use external oracle sources for any native token used as collateral, or exclude the native token from collateral acceptance entirely.

The structural pattern recurs across DeFi history:

  • Cream Finance (Oct 2021) — used Yearn's yUSD price from Yearn itself.
  • Vee Finance (Sep 2021) — used Pangolin's price for its own collateral.
  • Polter Finance (Nov 2024) — used SpookySwap spot for BOO collateral.
  • Moola Market (Oct 2022) — used Moola's internal MOO price.

In every case, the manipulation cost was a small fraction of the eventual extraction. Moola's $243K initial cost for $8.4M of drains is a 35× multiplier — and that's before subtracting the $500K bounty payment, leaving the protocol net-negative on the entire incident.

Sources & on-chain evidence

  1. [01]coindesk.comhttps://www.coindesk.com/markets/2022/10/19/celo-protocol-moola-market-loses-over-10m-in-market-manipulation-attack
  2. [02]tradingview.comhttps://www.tradingview.com/news/cryptobriefing:d54d2d50d:0/
  3. [03]anchain.aihttps://www.anchain.ai/blog/moola-market-exploit

Related filings