The perpetrator of the US$9.1 million Moola Market exploit returned close to the entirety of the loot in exchange for an undisclosed ransom on Wednesday, according to the project’s social media update.  

See related article: ‘Hacktober’ continues with US$1 mln taken from BitKeep token swap service

Fast facts

  • Decentralized finance (DeFi) project Moola Markets announced that they had paused their lending protocol on the Celo blockchain due to an exploit on Oct. 19 at around 2:00 a.m. Hong Kong time, adding that they were willing to negotiate a bounty for the funds. 
  • The culprit reportedly reached out to the protocol within 10 minutes after Moola’s offer, starting several hours of negotiations for the funds.
  • According to Moola, the exploiter has returned 93.1% of the stolen assets and donated a portion of the remaining funds to ImpactMarket, a Moola Market depositor that provides financial assistance to under-banked communities globally. 
  • October has been open season on DeFi exchanges for hackers, as this month’s theft level is on track to set an all-time monthly record.
  • Moola said it is currently working on governance proposals to close the loophole that resulted in the exploit and hopes to unfreeze the protocol within six days.
  • “Additionally, we will investigate mechanisms to help further restore the remaining 6.9% collateral to minimize the impact of this incident on Moola users,” the DeFi lender said.

See related article: Crypto hackers on track for bonanza year as theft surges, Chainalysis says