A massive hack has drained Mango Markets of $100 million in funds. The decentralised trading platform based on the Solana blockchain stated in a tweet on Tuesday evening that it’s currently investigating an incident where a hacker was able to extract funds from Mango via an oracle price manipulation.
By Wednesday, Mango concluded that the hacker had stolen around $100 million in funds. According to the blockchain auditing website OtterSec, the attacker drove up the value of their collateral temporarily and then extracted loans from the Mango treasury. The same firm also noted that the attacker had “manipulated the price of MNGO up across a number of exchanges, borrowing against their unrealized MNGO gains to drain the protocol.”
“As of now any Mango users with deposits on the protocol are not able to withdraw assets; This incident has effectively resulted in a total draining of all equity available,” Mango tweeted.
We will be disabling deposits on the front end as a precaution, and will keep you updated as the situation evolves.
If you have any information, please contact blockworks@protonmail.com to discuss a bounty for the return of funds. 2/
— Mango (@mangomarkets) October 11, 2022
Following the incident, the hacker responsible for the attack demanded a settlement, with any bad debt being viewed as a bug bounty and insurance. This will be paid through the community treasury worth 70 million USD Coin (or $70 million).
The hacker has also proposed a settlement, asking users who vote in its favour to agree to pay the bounty, pay off the bad debt with the treasury, renounce any claims against accounts with bad debt, and forgo any criminal investigations.
Things haven’t been going well in the way of security in the world of crypto lately. Last week, a blockchain bridge linked to Binance, the world’s largest cryptocurrency exchange, was a victim of a $570 million hack last. The hack drained at least $100 million, according to the company.
!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window, document,’script’,
‘https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘444470064056909’);
fbq(‘track’, ‘PageView’);