Share this article
Celo Protocol Moola Market Loses Over $10M in Market Manipulation Attack
Over 93% of the stolen funds were returned to the protocol shortly after the attack, developers said.
Updated Oct 19, 2022, 2:11 p.m. Published Oct 19, 2022, 6:44 a.m.
Celo-based lending and borrowing protocol Moola Market had over $10 million worth of tokens stolen, and later returned, Wednesday morning after a market manipulation attack.
The exploit was the second of its kind in the last few weeks, with the attackers manipulating the prices of Moola’s native MOO tokens to borrow collateral against their positions – effectively draining the protocol.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
Moola developers said the attack started during late Asian hours on Tuesday. “An unknown attacker started manipulating the price of MOO on Ubeswap, allowing the attacker to manipulate the MOO TWAP price oracle used by the Moola protocol,” they wrote. Oracles are third-party services that fetch data from outside a blockchain to within it.
The attacker borrowed a large amount of cUSD and cEUR, two Celo-based stablecoins pegged to U.S. dollar and euro respectively, and CELO from the protocol using MOO as collateral, effectively draining the protocol of its funds. Trading on the platform was stopped at that time.
We discovered the issue at 4:54pm UTC and promptly created a war room to examine the situation and contacted law enforcement. It was around this time that we posted the following tweet to the community inviting the attacker to reach out: https://t.co/UsdN44X70X
— Moola Market 🐮 (@Moola_Market) October 19, 2022
Developers said they contacted law enforcement shortly after discovering the issue. A while later, an individual identifying as the attacker reached out to the team confirming their involvement. This individual held the private key – a cryptographic value akin to a password for a certain block on the blockchain – to the stolen funds.
Moola said it was then able to negotiate with the attacker. At the time of writing, Moola recovered over 93% of the stolen funds some 12 hours after the incident.
Meanwhile, a governance proposal has been floated by the community to prevent further similar attacks. The protocol seeks to lower the liquidation levels that govern MOO's use as collateral on the platform – effectively “removing it as a viable collateral asset.”
The attack is the latest in a long list of exploits this month. With October already becoming the worst month ever for crypto attacks.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Bitcoin Faces Japan Rate Hike: Debunking The Yen Carry Trade Unwind Alarms, Real Risk Elsewhere
Speculators maintain net bullish positions in the yen, limiting scope for sudden JPY strength and mass carry unwind.
What to know:
- Impending BOJ rate hike largely priced in; Japanese bond yields near multi-decade highs.
- Speculators maintain net bullish positions in the yen, limiting scope for sudden yen strength.
- BOJ tightening may contribute to sustained upward pressure on global yields, impacting risk sentiment.
Top Stories
