Solana-based decentralised finance (DeFi) trading platform Mango Markets is the latest victim of a large exploit that has resulted in the loss of as much as $100 million (roughly Rs. 822 crore). The exploit appeared to be the result of manipulation in the price of Mango Market’s native MANGO token via an oracle price manipulation attack, Mango Markets tweeted. The platform said it’s investigating and taking steps to have “third parties freeze funds in flight.” Mango Markets has also disabled deposits on the platform as a protective measure.
Blockchain security firm OtterSec later clarified that the attack did not involve a flash loan. The attacker funded an account with $5.5 million (roughly Rs. 45.2 crore) in USDC collateral from FTX. The attacker first deposited the USDC as collateral to open an abnormally large long position. This caused the token price to jump nearly 1000 percent in less than an hour, which concurrently spiked the collateral value of the attacker’s account.
It appears the attacker was able to manipulate their Mango collateral. They temporarily spiked up their collateral value, and then took out massive loans from the Mango treasury. pic.twitter.com/2IJrB9RcEJ
— OtterSec (@osec_io) October 11, 2022
The attacker then used this manipulated collateral value in their account to borrow a large debt position across multiple coins on Mango Market’s borrowing and lending platform.
Since the price of the token and their collateral was manipulated much higher, they were able to borrow and steal more than $100 million (roughly Rs. 822 crore) in assets including assets USD Coin, Marinade Staked Solana (MSOL), Solana (SOL), Bitcoin (BTC), Tether (USDT), Serum (SRM), and Mango (MNGO).
Mango announced they were “taking steps to have third parties freeze funds in flight” and would be “disabling deposits on the front end as a precaution.”
The platform appealed to the exploiter to “please contact blockworks@protonmail.com to discuss a bug bounty.” Mango Markets cofounder Daffy Durairaj also publicly contacted the exploiter, listing his objectives “in order of importance: 1. You are cleared of any wrongdoing 2. You make a healthy profit 3. All Mango depositors are made whole 4. Mango DAO maintains some treasury to rebuild.”
The exploiter posted a governance proposal, promising to return stolen MSOL, SOL and MNGO in exchange for Mango paying back “bad debt” using the USDC in its treasury.
Meanwhile, the platform’s governance token took a massive hit due to the DeFi hack today. The Mango token (MNGO) lost nearly half of its value since the news broke. As of writing, the token price stands at $0.02384, down 40.58 percent in the last 24 hours, according to price tracking platform CoinMarketCap. The token is currently ranked 535 based on its market capitalisation.
Affiliate links may be automatically generated – see our ethics statement for details.
Read The Full Article Here