Hackers hit again, this time targeting DeFi platform Mango Markets.
Mango Markets, Solana-based decentralized finance (DeFi) platform, has reportedly been drained by unknown hackers for over $100 million.
According to the tweet shared by blockchain security firm OtterSec, the hackers manipulated Mango’s collateral. Blockchain security firm claims that hackers temporarily spiked collateral values and then took out loans from Mango treasury.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is SushiSwap? DEX & Sushi Token Animated Explainer
Soon after OtterSec alerted the community, Mango tweeted by asking users not to deposit into Mango until further notice.
After an hour of posting the initial tweet, Mango informed the public that hackers were “able to drain funds from Mango via an oracle price manipulation.”
According to the tweets shared by Mango, two accounts funded with USD Coin took an outsized position on Mango Protocol Perpetual Futures (MNGO-PERP). This influenced an MNGO/USD price increase on exchanges like FTX and Ascendex.
Following this process, hackers managed to borrow and withdraw BTC (sollet), USDT, SOL, mSOL, and USDC worth over $100 million at the time of the exploit.
After explaining the circumstances of the hack, Mango Markets ended its tweet thread by stating:
We believe the most constructive way to approach this is to continue communicating with those responsible for the incident and in control of the funds removed from the protocol to attempt to resolve the issues amicably.
It seems that the hackers considered Mango’s offer to communicate and decided to share their own demands. The hackers used Mango’s governance proposal platform to initiate the vote. In the vote, the malicious actor proposes to liquidate the DAO treasury aiming to repay $70 million of bad debts.
If this proposal passes, I will send the MSOL, SOL, and MNGO in this account to an address announced by the mango team. The mango treasury will be used to cover any remaining bad debt in the protocol, and all users without bad debt will be made whole. Any bad debt will be viewed as a bug bounty/insurance, paid out of the mango insurance fund.
The hacker also proposes that by voting positively, Mango token holders agree to pay the bounty and “pay off bad debt with the treasury.”
At the time of writing, more than 33 million votes were cast in favor of the proposal. However, despite that, the discussion section under the proposal was rather negative, with one commentator stating:
You're disgusting. What you did is wrong in every way possible. The responsible thing to do would have been to disclose the vulnerability to the team, NOT EXPLOIT IT. I hope the law enforcement community shows you ZERO MERCY.
Following the news about the exploit, Mango’s native token’s MNGO has dropped by around 52%. However, at the time of writing, it saw a 2% price increase.