Solana-Based Decentralized Finance Exchange Platform Mango Gets Exploited to the Tune Of $116 million
A Hacker, on Tuesday, 11th, 2022, drew off $116 million from DeFi exchange, Mango, after manipulating Its price oracle. Subsequently, the Mango token MNGO declined by 40%.
A price oracle is an external source that provides information about the price of a given asset and uploads it on the blockchain. The manipulation led MNGO’s price to move from $0.2 to $0.9.
Key Takeaways
Solana-based DeFi exchange, Mango Markets, was hacked, and $116 million was stolen from it.
The hacker manipulated the Mango market native token (MNGO) price from $0.02 to $0.91 to finish off the heist.
The team has offered a bug bounty and is open to discussing further with hackers via blockworks@protonmail.com.
More Details on The Hack
The malicious attack that led to the loss of liquidity was first reported by a blockchain security audit firm, OtterSec.
Afterward, The Mango team confirmed in a series of tweets that the hack was possible through price manipulation and will investigate further into the incident.
However, to avert the situation, it will contact third parties where the hacker had deposited the stolen funds to help freeze funds while temporarily disabling the deposition of funds to avoid further loss.
Result From Investigation
According to Mango, after depositing funds into two separate accounts on its platform worth $10 million combined, the attacker placed an outsized long-position on MNGO-PERP while accumulating more MNGO tokens on the spot market, causing a price manipulation from $0.02 to $0.91 within 10 mins.
The price manipulation resulted in the attacker having an unrealized profit worth $420 million on the MNGO Prep trade.
The hacker swiftly proceeded to take out a loan worth $116 million in Bitcoin (BTC), Solana (SOL), Marinade Staked SOL (mSol), and USD Coin (USDC) using the unrealized profit as collateral and withdrew them from the Mango exchange.
Bottom line
According to Mango, it’s seeking a way forward from the murky situation. It put out an email address blockworks@protonmail.com to discuss a bug bounty with hackers.
Exploitations and hacks are becoming rampant in the Crypto industry. Binance Smart Chain got hacked, with 2 million Binance coins worth 100 million dollars stolen. This is just one of many unfortunate incidents; in March 2022, $624 million was stolen from Ronin Network, the largest-ever DeFi hack. As per data from Chainanalysis, $2.0 billion has been lost to hacks this year in crypto.
