Mango Markets, a decentralized trading platform on the Solana blockchain, has become “ripe for harvest” when it fell victim to hackers who stole more than $100 million from the platform, Fortune reported Wednesday.
The hack looked to be the consequence of a price manipulation on Mango Market’s native MNGO token, according to a tweet from the platform.
The perpetrator initially deposited $5 million in USDC to the network before opening an unusually big long position, according to a Twitter post by blockchain security firm Hacken.
This drove the price of MNGO to increase by approximately 1,000% in just a few minutes, while elevating the collateral value of the hacker’s account.
It appears that the hacker was able to subvert their collateral on the platform, allowing the attacker to obtain oversized loans from Mango’s treasury, according to blockchain auditing firm OtterSec, which was the first to discover the vulnerability.
The team of engineers at Mango stated that they have initiated an inquiry into the incident. The platform added on social media that it had disabled front-end deposits. At first, the team requested that users refrain from making deposits until the situation normalizes.
We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation.
We are taking steps to have third parties freeze funds in flight. 1/
— Mango (@mangomarkets) October 11, 2022
Mango Markets Token Drops 39% Following The Hack
As of this writing, MNGO is trading at $0.02441839, down 39% in the last 24 hours, data from Coingecko show, Wednesday.
The exploit was the second $100-million DeFi hack in as many days. Just last Thursday, hackers carted off with almost $100 million from another DeFi network, the Binance Smart Chain.
As the market for cryptocurrencies continues to expand year after year, cybercriminals have become more aggressive, taking advantage of the assets accessible on digital exchanges.
Different types of cybercrime exist inside the cryptocurrency economy. Furthermore, the most prevalent sort of crime might fluctuate from year to year.
Decentralized finance (also known as DeFi) platforms appear to be more hacker-vulnerable than centralized exchanges with stronger security precautions.
According to data compiled by MarketPlace Fairness, over 50 percent of the cryptocurrency breaches that were carried out last year included DeFi.
UPDATE: @mangomarkets exploit
The exploiter posted a governance proposal which essentially says:@mangomarkets shall liquidate their $70mil Treasury to me and I will return the “bad debt” to users
33 Million “yes” votes on the proposal from exploiterhttps://t.co/WrPfanN7rp https://t.co/spFpSH4aDa pic.twitter.com/Lii4Z9ptM1
— dleer.near (@dleer_defi) October 12, 2022
Condition: Reimburse Bad Debts, Hacker Says
Meanwhile, the intruder then published a governance proposition for the Mango DAO to utilize its $70 million treasury to reimburse bad debts.
At the time of publication, there were about 33 million votes in support of the proposal, the large bulk of which were undoubtedly stolen funds ffrom the hacker himself.
The Solana ecosystem, which has been rocked by network disruptions, malware assaults, and a plummeting token value, has had yet another drama unfold.
Solana experienced a serious disruption on September 30, from which it took several hours to regain service.