Solana DeFi Trading Platform Mango Markets Loses $100M in Hack

The second $100 million DeFi hack this week saw $100 million in funds drained from Mango Markets due to an exploit. Mango Markets tweeted Tuesday night that a hacker was able to drain funds from Mango through oracle price manipulation.

Just last Thursday, $100 million was stolen from Binance Smart Chain, another DeFi protocol.

According to blockchain audit website OtterSec, the attacker temporarily boosted the value of their collateral and then borrowed from the Mango treasury.

Mango Markets is a Solana-based digital asset trading platform on the Solana blockchain for spot margin and perpetual futures trading. Mango Markets is managed by Mango DAO.

Also Read :  Investors brace for possible rate cut amid Turkey's 80% inflation

“This is an economic design flaw,” said OtterSec founder Robert Chen decrypt via telegram, adding that this is a risk that Mango Markets has already acknowledged.

“At 18:19 ET an attacker funded Account A with 5mm USDC collateral,” tweeted Head of Derivatives at Genesis Global Trading, Joshua Lim.

As Lim explained, the attacker then offered 483 million units of MNGO perps (perpetual contracts) on the Mango Markets order book. Then at 18:24 ET the attacker funded another account with 5 million USDC of collateral to buy those 483 million units from MNGO offenders at $0.03 per unit.

Also Read :  Friday's jobs report could be a case where good news isn't really good

At 18:26 ET, the attacker began moving Mango’s spot market price, driving the price to $0.91 and the value of the 483 million MNGO to $423 million.

The attacker then borrowed $116 million, leaving Mango’s treasury with a negative balance of -116.7 million. Assets withdrawn include USDC, MSOL, SOL, BTC, USDT, SRM, and MNGO, wiping out all of Mango’s liquidity.

Also Read :  Pandemic Housing Bust? Home price correction hits 19 housing markets

In response, Mango Markets says it has disabled deposits and is taking steps to freeze third-party funds.

A Twitter user noted that the attacker was funded 5.5 million by FTX, prompting FTX CEO Sam Bankman-Fried to respond that the company was investigating.

Mango Markets offered the attacker an opportunity to collect a bug bounty in exchange for the return of the stolen funds.

Stay up to date on crypto news and receive daily updates in your inbox.


Leave a Reply

Your email address will not be published.