A Hacker Steals $100 million from Solana DeFi Trading Platform, Mango Markets

Mango Markets tweeted on October 12 that a hacker was able to steal $100 million from Mango via an oracle price manipulation.

“We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation. We are taking steps to have third parties freeze funds in flight,” tweeted Mango.

The Chronology

According to the blockchain auditing firm OtterSec, the attacker inflated the value of their collateral and then took out loans from Mango.

“It appears the attacker was able to manipulate their Mango collateral. They temporarily spiked up their collateral value, and then took out massive loans from the Mango treasury,” said OtterSec. 


“It’s an economic design flaw,” OtterSec founder Robert Chen told Decrypt on Telegram, adding that Mango Markets had already acknowledged the risk.

Joshua Lim, the Head of Derivatives at Genesis Global Trading, said, “At 6:19 PM ET, an attacker funded account A with 5mm USDC collateral.”

Lim explained that the attacker later sold 483 million units of MNGO perp contracts on Mango Markets’ order

At 6:24 PM ET, the attacker funded another account with 5 million USDC collateral to purchase those 483 million MNGO perps for $0.03 each.

At 6:26 PM ET, the attacker moved the Mango spot market price to $0.91, making the position worth $423 million based on the value of 483 million MNGO.

The attacker then took out a loan of $116 million, leaving Mango’s treasury with a negative balance of -116.7 million.
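The timeline above, worked through as an added example (not code from Mango Markets or OtterSec): a simplified model of how unrealized profit on the long perp position becomes borrowing capacity when collateral is valued at the raw spot price, next to the same valuation with the price clamped to a band around a slower reference price. The collateral weight of 1, the 10% band and the use of the $0.03 entry price as the reference are assumptions, so the outputs will not match the article's reported figures exactly.

```python
# Simplified model of perp-position equity used as borrowing collateral.
# Position figures come from the timeline; guard parameters are assumptions.
from decimal import Decimal as D

USDC_DEPOSIT = D("5000000")   # collateral funded into the long account
PERP_SIZE = D("483000000")    # MNGO perp units bought
ENTRY_PRICE = D("0.03")       # price paid per perp
SPIKED_SPOT = D("0.91")       # spot price after the move


def equity(mark_price):
    """Deposit plus unrealized PnL of the long perp position at mark_price."""
    return USDC_DEPOSIT + PERP_SIZE * (mark_price - ENTRY_PRICE)


def guarded_price(oracle_price, reference_price, max_deviation):
    """Clamp the oracle price to a band around a slower reference price.

    Hypothetical guard (for instance a time-weighted average as reference);
    this is not Mango's own logic.
    """
    low = reference_price * (1 - max_deviation)
    high = reference_price * (1 + max_deviation)
    return min(max(oracle_price, low), high)


def borrow_capacity(mark_price, collateral_weight=D("1")):
    """Amount borrowable against equity; a weight of 1 is an assumption."""
    return max(equity(mark_price), D("0")) * collateral_weight


def compare(reference_price=ENTRY_PRICE, max_deviation=D("0.10")):
    """Return (capacity at raw spot price, capacity at guarded price)."""
    raw = borrow_capacity(SPIKED_SPOT)
    capped = borrow_capacity(
        guarded_price(SPIKED_SPOT, reference_price, max_deviation)
    )
    return raw, capped


if __name__ == "__main__":
    raw, capped = compare()
    print(f"capacity at raw spot price: ${raw:,.0f}")
    print(f"capacity at guarded price:  ${capped:,.0f}")
```

In this model the spiked spot price turns a 5 million USDC deposit into hundreds of millions of apparent collateral, while the clamped price keeps borrowing capacity close to the deposit.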

Mango Markets’ Response

Mango Markets responded by disabling deposits and taking steps to have third parties freeze the funds.

“We will be disabling deposits on the front end as a precaution, and will keep you updated as the situation evolves,” said Mango. 

Mango added, “We believe the most constructive way to approach this is to continue communicating with those responsible for the incident and in control of the funds removed from the protocol to attempt to resolve the issues amicably.”


After a Twitter user observed that the attacker had received 5.5M from FTX, the CEO of FTX replied that the company was investigating.


Jamilatul Mahmudah
