Solana-based DeFi Platform, Mango Markets, Loses $100M in DeFi Exploit

During this down market, hacks and attacks in the decentralized finance (DeFi) industry have not stopped, and Mango Markets has been the most recent victim.

The latest casualty of a significant attack that has cost as much as $100 million is the DeFi trading platform Mango Markets in Solana. The protocol tweeted in the early hours of October 12 that it was looking into a case where a hacker was successful in siphoning out money by altering oracle prices. 

A Self-funded Attack on Mango Markets

DeFi analysts at the blockchain security company OtterSec dissected the assault and established that Mango Markets was not the target of a flash loan. USDC collateral from FTX totaling $5.5 million was used to finance the attacker’s account.

The attacker then opened a position for 480 million MNGO-PERP (perpetual future) and engaged in countertrading on a different account. Before obtaining loans from the Mango Treasury, they were able to temporarily control the price of MNGO and raise the value of their collateral. More than 4,000 short liquidations occurred throughout Mango Markets as a result of the price increase.

OtterSec creator Robert Chen attributed the assault to an “economic design weakness.” Joshua Lim, the head of futures at Genesis Global Trading, described the flaw and said that it “essentially wiped out all available liquidity on Mango.”

USDC, MSOL, SOL, BTC, USDT, SRM, and MNGO are among the assets that were drained. Mango Markets is taking action to freeze cash and has disabled deposits.

A governance proposal for the Mango DAO to spend its $70 million treasury to pay off the bad debts was then published by the attacker. Nearly 33 million votes had been cast in support of the plan as of the time of publication, the bulk of which were probably loot taken in the theft by the assailant.

Mango Attacker Provides Ultimatum

The attacker of Mango Markets, a decentralized finance (DeFi) lending system situated in Solana, has given the community an ultimatum. The exploiter claims they want Mango’s treasury to spend the $70 million in USDC it has available to pay back the protocol’s bad debt in a post on the governance proposal forum for Mango.

This bad debt is the result of a rescue plan developed by Mango Markets and the competing Solana lending platform Solend for a major Solana whale with $207 million in debt dispersed across many lending platforms. The whale had once borrowed 88% of the USDC that was available on Solend.

The rescue was put together because of worry that the whale’s bets would be liquidated if the SOL token fell another 20%, which would spread and have a negative influence on the Solana ecosystem. The Wormhole token bridge reported it is halting transfers from Solana because of this continuing Mango Markets problem.

Mango has agreed to assure the exploiter that they won’t launch a criminal inquiry or seize his cash as part of the exploiter’s ultimatum.