- Solana-based DEX Mango Markets was exploited for approximately $112 million. The MNGO token has fallen by 40% to a price of $0.023.
- The attacker manipulated their Mango collateral and took massive loans from the treasury to carry out the exploit.
- The attacker also used his 32 million MNGO tokens in the DAO to vote against carrying out a criminal investigation.
The Mango Markets project has experienced a hack that saw approximately $112 million drained by the attacker. The MNGO token has also taken a massive fall, with a 40% drop that brings the price to $0.023. The token is now down by over 95% from its all-time high.
Mango Markets is a Solana-based DEX that offers cross-margin trading up to 20x leverage with all the benefits of speed and low fees of the network. The exploit was first pointed out by blockchain security company OtterSec, which offered an explanation of what had happened. The company said that developer Tom Geshury notified them about the exploit.
Credit goes to @TomGeshury for alerting us. This is an ongoing investigation, follow us @osec_io to stay up to date on the latest.
OtterSec explained that the attacker manipulated their Mango collateral, temporarily spiking up their collateral value. They then took massive loans from the Mango treasury. The project also provided a post-mortem on the attack.
-This led to Switchboard and Pyth oracles updating their MNGO benchmark price to $0.15+
-This further caused a mark-to-market increase in the value of the account that was long MNGO-PERP from the unrealized profit
The Mango Markets team asked users not to deposit funds shortly after the attack was noted. Users with deposits on the protocol cannot withdraw their assets currently as there has been a total draining of all equity available, they said.
The team also said that there would be new priorities on the DAO to prevent further damage. These are the prevention of more losses and salvaging some value in the Mango DAO.
Hacker Uses MNGO Tokens To Take Over DAO Vote
Unfortunately for the Mango team, their DAO has also been compromised following the attack. The attacker promised to return most of the funds if the DAO assured not to carry out a criminal investigation. The attacker used 32 million votes to vote in favor of this proposal, which vastly outnumbered opposing votes.
>Hacks Mango for $100m
>Submits proposal for Mango to use $70m from treasury to repay bad dept and let him keep 50% of the proceeds.
>Votes yes on proposal with 30m stolen mango tokens
>Refuses to elaborate pic.twitter.com/oIQOfFjqwl
The Wormhole token bridge has also announced that it is pausing transfers from Solana because of the exploitation of Mango Markets. Wormhole itself was subject to a high-profile attack earlier this year. The DeFi market continues to be plagued by hacks, and 2022 saw $1.57 billion stolen in the first four months alone.
Transfers from Solana are currently unavailable.
We will share an update shortly.
It marks an extraordinary series of events for Mango Markets, which is deliberating its next steps. Meanwhile, the attacker has effectively made a mockery of the situation and is so far unscathed. It remains to be seen whether they will actually be pursued by law enforcement agencies.
Source: Read Full Article