Mango Markets Hack – Over $100 Million Stolen by Attacker
Things happen differently in the world of cryptocurrency, and many decentralized finance trading platforms have been subject to attacks by hackers and cybercriminals. In terms of security, things are not looking great in the cryptocurrency world. Recently, one of the blockchain bridges connected to Binance was hacked and lost $570 million as a result.
In the crypto ecosystem, hacks are common, but recent hacks are proving to be really dangerous. The DeFi or decentralized finance trading platform, Mango Markets, which operates on the Solana Blockchain, has recently been targeted by hackers who have drained around $117 million.
In this article, we will learn more about the Mango Markets hack and the current situation around this issue.
Massive Hack Drains Crypto Trading Platform Mango Markets
A DeFi trading platform, Mango Markets operates on Solana blockchain, and on October 12, during the early hours, the platform lost over $100 million as a result of a massive hack. Last Tuesday, Mango tweeted that they are investigating the hacking incident currently where they lost a massive amount of money through Oracle price manipulation.
The hacker manipulated Oracle’s price data and took under-collateralized loans to drain money from Mango Markets. Blockchains are connected with external systems through Oracle, which allows smart contracts to implement transactions through input and output from real-world data.
This hacking exploit was discovered by OtterSec, a blockchain security company, and they shared some more details on Twitter. According to them, the hackers temporarily pumped up their collateral’s value and then proceeded to take loans from Mango Markets’ treasury.
The attackers manipulated the Mango collateral, temporarily spiking up the value, and then took huge loans. Genesis Global Trading’s Head of Derivatives, Joshua Lim, also gave some information regarding the hack. According to him, the attack started on October 12 in the early hours when the hacker funded 5 million USDC collateral into the 1st account.
Next, the hacker offered 483 million MNGO perpetual contracts or perps on Mango Markets’ order book. After this, the hacker funded 5 million USDC into a second account and used it to buy almost 483 million MNGO perps at the price of $0.03. The attacker then began moving Mango spot market price up to $0.91 to finish the attack.
Lastly, the hacker took a loan from Mango’s treasury worth around $116 million. This left the treasury with a negative $116 million balance and wiped out the Mango platform’s entire liquidity. The assets stolen by the hacker included around $50 million worth USDC, $26 million worth MSOL, $24 million worth SOL, and MNGO, SRM, BTC, USDT, etc., in smaller amounts.
One Twitter user stated that the 5.5 million USDC used by the hacker for collateral was obtained through FTX. FTX CEO Sam Bankman-Fried confirmed this and stated that the firm is investigating the situation and will take proper action soon.
The Hacker is Demanding a Large Bug Bounty Settlement
After looting Over $100 million from Mango Markets, the hacker has made a proposal to the platform, which includes steep settlement conditions. The proposal states liquidating the entire Mango DAO treasury so that $70 million worth of bad debts within the platform can be repaid.
Moreover, the hacker has requested Mango DOA to waive any claims related to accounts that have bad debt. He has also asked them to not proceed with any criminal investigation into the hack and not to freeze any of the funds stolen by him.
The hacker stated that if the proposal offered by him passes, then he will send the SOL, MNGO, and MSOL stolen by him to any address that Mango Markets announces. He stated that Mango’s treasury would cover all bad debt remaining within the platform, and users that do not have any bad debt should be turned whole.
In a DAO or decentralized autonomous organization, the control over the organization is evenly spread among members who have the DAO token. Members can use the token to vote in favor or against a proposal which is then executed through smart contracts. The hacker used the MNGO tokens that he stole to cast over 33 million votes favoring his proposal.
Still, for the proposal to pass, 66.7 million votes are needed, and it seems unlikely that the proposal will go through because the polling ends soon. If the proposal goes through, then the hacker will receive almost $70 million.
Mango Markets Reaction to the Attack
To limit the hack’s impact, Mango Markets has stopped all operations and ceased all withdrawals and deposits. The hack had drained all total equity available on the platform, and the MNGO token price has also gone down by around 35%. Mango is currently investigating the attack and have even discussed a bug bounty with the hackers.
Mango DAO has offered the attacker around $47 million as a bug bounty, where he would need to send almost $67 million worth of stolen assets and tokens. Subject to agreement, the DAO’s proposal lists the tokens stolen by the attacker, asking him to send them back to a wallet that is owned by Mango Markets. The DAO also states no criminal investigation will be launched if the hacker returns the assets as agreed upon.
Mango also said that the assets returned by the thief and those in the treasury would go into covering bad debt and making mango users whole. They computed the equity of every account in USDC and will reimburse as much as possible after making the recovery.
Decentralized Trading Platforms Are Not Totally Secure
Most DeFi platforms use smart contracts that do not involve any third party and are highly vulnerable to hackers. The attack on Mango Markets has been deemed as an economic design flaw, and it is just one of the many crypto attacks recently.
Some days ago, Binance Smart Chain was hacked of $100 million, and QANplatform lost around $1 million. Hackers are becoming more advanced, and even though Defi platforms promise high security, these hacks and stolen assets are a growing issue.
Scam Help Can Assist You!!
If you have been a victim of a crypto scam or any other online fraud, Scam Help is here for you. Our custom solutions and highest standards make sure that your stolen or lost assets can be recovered as quickly as possible.
With an experienced team, industry-leading techniques, and case-winning strategies, we will help you in any type of online or crypto fraud case.