Beosin: Analysis of the Moola Protocol Hack Incident with a Profit of Approximately 9 Million USD
ChainCatcher news: According to the Beosin EagleEye Web3 security warning and monitoring platform, the Moola protocol on Celo was attacked, with the hackers profiting approximately 9 million USD. The Beosin security team analyzed the incident immediately, and the results are as follows:
Step 1: Starting with capital of 182,000 CELO, the attacker bought MOO with CELO over multiple transactions.
Step 2: The attacker used MOO as collateral to borrow CELO. Under the usual logic of collateralized lending, pledging MOO worth a allows the borrower to take out CELO worth b.
Step 3: The attacker used the borrowed CELO to purchase MOO, thereby continuing to drive up the price of MOO. After each swap, the price of MOO in terms of CELO increased.
Step 4: Because the collateralized lending contract uses the real-time price in the trading pair when deciding how much can be lent, the amount already borrowed fell short of the value b at the raised MOO price, which let the attacker continue borrowing CELO. By repeating this process, the attacker raised the price of MOO from 0.02 CELO to 0.73 CELO.
Step 5: In total, the attacker made 4 MOO collateral deposits, 10 swaps (CELO for MOO), and 28 borrowings to realize the profit.
The collateralized lending implementation contract that was attacked is not open source. Based on the characteristics of the attack, it is presumed to be a price manipulation attack. As of the time of writing, tracking through Beosin Trace shows that the attacker returned approximately 93.1% of the funds to the Moola Market project team and donated 500,000 CELO to the impact market, keeping a total of 650,000 CELO as a bounty.
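
To show why valuing collateral at the real-time pair price (Step 4) is the weak point, the following added example compares the borrow limit computed from the spot price with one computed from a time-weighted average price (TWAP) guarded by a deviation check. It is not Moola's code, and the TWAP guard is a common mitigation rather than something the analysis attributes to the project. The 0.02 and 0.73 CELO prices come from the analysis above; the timestamps, intermediate prices, collateral size and loan-to-value ratio are constructed assumptions.

```python
# Added example: spot-price vs. TWAP collateral valuation (not Moola's code).
from dataclasses import dataclass

@dataclass
class Observation:
    timestamp: int   # seconds since the start of the sample
    price: float     # MOO price in CELO read from the pool at that time

def twap(observations, now, window):
    """Time-weighted average over [now - window, now]; a price holds until the next observation."""
    start, total, covered = now - window, 0.0, 0
    for i, obs in enumerate(observations):
        nxt = observations[i + 1].timestamp if i + 1 < len(observations) else now
        seg_start, seg_end = max(obs.timestamp, start), min(nxt, now)
        if seg_end > seg_start:
            total += obs.price * (seg_end - seg_start)
            covered += seg_end - seg_start
    if covered == 0:
        raise ValueError("no observations inside the window")
    return total / covered

def borrow_limit(collateral_moo, price, ltv):
    """CELO that may be borrowed against the collateral at the given price."""
    return collateral_moo * price * ltv

def guarded_price(spot, avg, max_deviation):
    """Value collateral at min(spot, TWAP); refuse when spot has run away from the TWAP."""
    if abs(spot - avg) / avg > max_deviation:
        raise ValueError("spot price deviates from TWAP: pause borrowing against this asset")
    return min(spot, avg)

# Constructed sample: 0.02 and 0.73 CELO are the page's start and end prices; the
# timestamps, intermediate prices, collateral size and LTV are assumptions.
SAMPLE = [Observation(0, 0.02), Observation(1740, 0.10),
          Observation(1770, 0.35), Observation(1790, 0.73)]
NOW, WINDOW, COLLATERAL_MOO, LTV = 1800, 1800, 1_000_000, 0.5

def compare_limits():
    """Return (spot-priced limit, TWAP-priced limit) in CELO for the sample."""
    spot = SAMPLE[-1].price
    avg = twap(SAMPLE, NOW, WINDOW)
    return borrow_limit(COLLATERAL_MOO, spot, LTV), borrow_limit(COLLATERAL_MOO, avg, LTV)

if __name__ == "__main__":
    spot_limit, twap_limit = compare_limits()
    print(f"spot-priced limit: {spot_limit:,.0f} CELO")
    print(f"TWAP-priced limit: {twap_limit:,.0f} CELO")
```

With the sample data, the spot-priced limit is roughly 25 times the TWAP-priced one, and `guarded_price` rejects the valuation outright because the spot price has moved far beyond the allowed deviation.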