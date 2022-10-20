By CNBCTV18.com

Mini There have been a string of attacks prior to the Moola and Ethereum Alarm Clock exploits. Most notably, the Binance Bridge and the Mango Marker DeFi protocol were both looted of $100 million each this month. In all, more than $3 billion have been stolen this year,

October is turning out to be a terrible month in terms of crypto hacks and attacks. As of October 13, more than $718 million was stolen across 11 different exploits, according to a Chainanalysis report. And now, fresh attacks on Ethereum's Alarm Clock service and the DeFi protocol Moola have all but confirmed October's title as the biggest month for hacking activity in 2022 so far.

Moola, the Celo-based DeFi lending and borrowing platform, was hacked for $8.4 million late on October 18. The attackers siphoned off 8.8 million CELO (worth $6.5 million) and 1.8 million MOO (worth $0.6 million), along with euro and dollar stablecoins valued at $1.3 million, according to a tweet by Igor Igamberdiev, Research Director at The Block. Fortunately, after a bit of negotiation, the attacker agreed to return most of the funds in exchange for a 700k CELO bug bounty.

"Following today's incident, 93.1 percent of funds have been returned to the Moola governance multi-sig. We have continued to pause all activity on Moola and will follow up with the community about next steps, and to safely restart operations of the Moola protocol," said Moola Developers in a Tweet.

In a more recent development, Ethereum's Alarm Clock service has been hacked, and nearly $260,000 in gas fees has been stolen so far. ETH's Alarm Clock enables users to schedule future transactions. One can set the receiver address, amount, and desired transaction time, and as long as they have the required funds and pay the gas fee upfront, the transaction will go through.

According to an October 19 tweet from blockchain security and data analytics firm, PeckShield, the hackers exploited a bug in the smart contract, which allowed them to profit from returned gas fees of cancelled transactions. Basically, the hackers cancelled their scheduled transactions, and the smart contract bug started refunding a greater value of gas fees than they initially paid.

According to PeckShield, 24 addresses were used to exploit the bug and collect the loot. The smart contract that was exploited is more than four years old, while the Ethereum Alarm Clock Service itself is more than seven years old. However, there have been no further updates on the hack, and therefore, it is difficult to ascertain if this is an ongoing exploit or if the bug has been rectified.

There have been a string of attacks prior to the Moola and Ethereum Alarm Clock exploits. Most notably, the Binance Bridge and the Mango Marker DeFi protocol were both looted of $100 million each this month. In all, more than $3 billion have been stolen this year, and at this rate, "2022 will likely surpass 2021 as the biggest year for hacking on record," according Chainalysis.

Also Read: 5 tips to build a balanced crypto portfolio