After a $117 million exploit on Oct. 11, the Mango Markets community will strike a deal with their hacker that will allow the hacker to keep $47 million as a bug bounty, according to the log- Decentralized Finance (DeFI) Governance Forum.
The proposed terms show that $67 million of the stolen tokens will be returned, while $47 million will be kept by the hacker. 98% of voters or 291 million tokens voted in favor of the deal, which also stipulates that Mango Markets will not file criminal charges in the event.
If the quorum is reached, the vote is expected to take place on October 15th. The suggestion was:
“The funds transferred by you and the Mango DAO treasury will be used to cover any remaining bad debts in the log. All Mango depositors will recover. By voting in favor of this proposal, the Mango token holders agree to settle the bad debts with the and waive any potential claims against bad debt accounts and will not pursue any criminal investigations or freeze of funds once the tokens have been returned as described above.”
On Twitter, members of the community reacted to the development:
Mango Hacker Secures ~$47M Bug Bounty
By far the biggest crypto bounty?
The current bounty rate of 10% of the monies mined needs to be reassessed, lmao. pic.twitter.com/FcHkEbwY7u
— Hsaka (@HsakaTrades) October 14, 2022
The proposal was also questioned at the governance forum, as one voter noted:
“100% agree that making users’ funds complete asap is the top priority, but a $50M “bug bounty” is ridiculous. At most, the exploit should be recouped for its cost ($15 million?) plus $10 million offered to the $600 million wormhole hacker. Mango is better at negotiating, especially considering the exploiter is essentially doxed.”
The hacker carried out the attack by manipulating the value of the native MNGO token collateral and then borrowing “massive loans” from Mango’s treasury. After the funds ran out, the hacker demanded a settlement by making a proposal on Mango Market’s Decentralized Autonomous Organization (DAO) forum, demanding $70 million at the time.
Furthermore, the hacker voted for this proposal using millions of tokens stolen from the exploit. On October 14, the proposal reached the required quorum to be accepted. In exchange for the settlement, the hacker is demanding that users who vote for the proposal agree to pay the bounty, settle the bad debts with the Treasury, waive potential claims against bad debt accounts, and avoid criminal investigations or anything similar initiate freezing of funds.