Mango Markets Set to Pay $47M Bug Bounty to Hacker

Blockchain & Cryptocurrency, Cryptocurrency Fraud, Fraud Management and Cybercrime

96% of voting tokens approve deal; Mango Markets will not pursue criminal charges

Prajeet Nair (@prajeetspeaks) •
October 15, 2022

Mango Markets Pays $47M Bug Bounty To Hackers

Decentralized financial exchange Mango Markets will pay a $47 million bounty on the hacker who stole $117 million worth of digital assets on Wednesday.

See also: Building Secure IoT Deployment with 5G Wireless WAN

Mango Markets is a trading platform built on the Solana blockchain. The platform halted operations to halt all deposits and withdrawals to limit the impact of the attack.

As part of a new deal between the hacker and the decentralized finance exchange, the hacker will keep $47 million as a bug bounty and return the remaining $67 million stolen via the protocol.

The hacker originally put forward his proposal about the decentralized autonomous organization governing Mango Markets, which would give the attacker a $70 million bounty.

Also Read :  Boulder County Farmers Markets: At the Market: Connect with your roots

The Mango DAO governs Mango Markets and gives MNGO token holders the authority to make decisions about the platform’s functions.

The attacker also demanded that the decentralized finance company should not open a criminal investigation or freeze the hacker’s funds if the proposal goes through.

The voting deadline was Saturday at 1:12 a.m. UTC. With 96% of the governance vote voting yes for the deal, which includes around 473 million tokens, while only 3.4% opposed the deal.

The hackers allegedly voted for this proposal as well, using millions of tokens stolen from the exploit.

“Funds transferred by you and the Mango DAO treasury will be used to cover any remaining bad debts in the log. All Mango depositors will be made complete,” read the governance vote.

Also Read :  U.K. Markets Fall Again as IMF Blasts "Unfunded Tax Cuts" By

The deal also requires hackers to return some of the tokens within 12 hours of the proposal being opened “as a sign of good faith” and return the remaining assets within 12 hours once voting is complete and the deal is accepted.

In response to the update, the CEO of cryptocurrency trading company Wintermute responded on Twitter says that “this result feels so wrong”. He says: “I understand the Mango community and why the protocol wants to go ahead and close this page, but this outcome feels so wrong. Can we really fund a DAO to (legally) take this guy down independently?”

According to one voter on the forum, the deal is “an absurdly high bounty for such a lowly attack,” while another voter said, “We should give him less bounty because he’s a criminal who’s in no position to negotiate anymore.” . He will be convicted and arrested – don’t give him ±$50 million! 25 million total is more than enough. Reduce it by 50%.”

Also Read :  Bear Market Deepens As Fed Official Warns Rate Hikes Will Trigger 'Failures' Around Global Economy

attack details

According to blockchain security firm OtterSec, which identified the attack, the attacker manipulated the MNGO token’s price oracle data to take out “massive” undercollateralized crypto loans from Mango’s treasury.

An oracle is a tool that feeds relevant off-chain data onto the blockchain so that smart contracts can be used. A price oracle shows the price information for a digital asset. “None of the Oracle vendors have a fault here. Oracle pricing reporting worked as it should have,” the company said.

The vulnerability arose from the low liquidity in the forex market between MNGO and the USDC stablecoin, which was used as a price reference for a MNGO perpetual swap.


Leave a Reply

Your email address will not be published.