Moola Markets: Price Manipulation (Native Token Collateral)
Moola Markets lost $8.4M when an attacker used $180K in CELO to pump the MOO native token price on Ubeswap, then borrowed all remaining protocol liquidity against the inflated collateral — before returning 90% in exchange for a $525K "bounty."
Summary #
Moola Markets suffered a Lending / Money Market on 2022-10-19, resulting in a loss of approximately $8M.
What happened #
Moola Markets lost $8.4M when an attacker used $180K in CELO to pump the MOO native token price on Ubeswap, then borrowed all remaining protocol liquidity against the inflated collateral — before returning 90% in exchange for a $525K "bounty."
Linked factors #
- RD-F-001 — causal : ★ Audit scope mismatch — alternate field name [via dashboard_risk_factors/Exploited code in scope?: N/A — no smart contract bug; protocol-design risk]
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
- RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — MOO price oracle reflected manipulated DEX price]
- RD-F-111 — causal : Team doxx status — pseudonymous-no-track-record class [via dashboard_risk_factors/Team anonymity: Unknown]
- RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Yes — Aave fork (Celo deployment)]