Attacker Exploited over $100 Million from Solana's Mango Markets

HomeDeFi
Share this article
Subscribe for weekly updates
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Hacker

On October 12, Mango Market, a Solana-based DEX, lost about $100 million to a hacker who drained the exchange of all its liquidity via oracle price manipulation.

The Attack

The attack started around 6:19 pm ET with a withdrawal of 5 million USDC from FTX, a custodial exchange. At that time, the 5 million USDC was worth 483 million MNGO tokens, and the hacker offered these tokens on Mango Market's order book. Next, the hacker deposited 5 million USDC to another wallet and purchased the MNGO tokens offered from the onset. They then manipulated MNGO until its price rose to $0.91.

Accordingly, the 483 million MNGO in the hacker's wallet was worth over $420 million. This amount was more than enough collateral for the hacker to borrow over $100 million worth of assets from Mango Markets.

The attacker borrowed millions of dollars in assets like SOL, MSOL, USDC, USDT, BTC, SRM, and MNGO. According to reports, the attacker was able to drain some $116 million from Mango Markets.

Reaction from Mango

Mango Markets said that the platform had suspended deposits and withdrawals until further notice. Also, the project's priority is to prevent other losses and rebuild the Mango protocol, irrespective of how bad it gets. 

Hacker's Proposal

Meanwhile, the hacker has proposed to return the stolen assets under some conditions. They stated that Mango Markets should use the $70 million in its treasury to settle outstanding bad debts, waive all claims against Mango users with bad debts and never investigate this hack. 

To affirm this request, the hacker created a DAO poll where they cast over 33 million 'Yes' votes supporting the claim with the exploited fund. The hacker's request might be a reality with 66 million more 'Yes' votes. 

Mango's Proposal

Also, Mango Markets has agreed to the hacker's demands through another DAO poll while asking for a show of good faith.

Written by
Trust Akpobome

On October 12, Mango Market, a Solana-based DEX, lost about $100 million to a hacker who drained the exchange of all its liquidity via oracle price manipulation.

The Attack

The attack started around 6:19 pm ET with a withdrawal of 5 million USDC from FTX, a custodial exchange. At that time, the 5 million USDC was worth 483 million MNGO tokens, and the hacker offered these tokens on Mango Market's order book. Next, the hacker deposited 5 million USDC to another wallet and purchased the MNGO tokens offered from the onset. They then manipulated MNGO until its price rose to $0.91.

Accordingly, the 483 million MNGO in the hacker's wallet was worth over $420 million. This amount was more than enough collateral for the hacker to borrow over $100 million worth of assets from Mango Markets.

The attacker borrowed millions of dollars in assets like SOL, MSOL, USDC, USDT, BTC, SRM, and MNGO. According to reports, the attacker was able to drain some $116 million from Mango Markets.

Reaction from Mango

Mango Markets said that the platform had suspended deposits and withdrawals until further notice. Also, the project's priority is to prevent other losses and rebuild the Mango protocol, irrespective of how bad it gets. 

Hacker's Proposal

Meanwhile, the hacker has proposed to return the stolen assets under some conditions. They stated that Mango Markets should use the $70 million in its treasury to settle outstanding bad debts, waive all claims against Mango users with bad debts and never investigate this hack. 

To affirm this request, the hacker created a DAO poll where they cast over 33 million 'Yes' votes supporting the claim with the exploited fund. The hacker's request might be a reality with 66 million more 'Yes' votes. 

Mango's Proposal

Also, Mango Markets has agreed to the hacker's demands through another DAO poll while asking for a show of good faith.

Written by
Trust Akpobome