This is the second hack of more than $100 million to hit decentralized finance (DeFi) this week. A few days after the BNB Chain hack, it was the turn of Solana (SOL) and the Mango Markets platform to suffer an attack. The hacker subtly manipulated token prices in order to steal $114 million from the protocol.
Mango Markets loses $114 million
Early in the night, the Mango Markets platform announced that it had been the victim of a large-scale attack, resulting in the loss of approximately $114 million. Decentralized exchange services have been partially suspended pending further investigation.
We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation.
We are taking steps to have third parties freeze funds in flight. 1/
— Mango (@mangomarkets) October 11, 2022
According to early research by blockchain audit firm OtterSec, this attack resulted from a subtle manipulation of the price of MNGO, the platform's native token. The hacker thus drained $114 million from the Mango Markets treasury.
Around 7 a.m., the strategy used by the hacker was officially confirmed by Mango Markets. This corroborates the speculation of specialists @joshua_j_lim and OtterSec, who agree that it is a "price oracle manipulation" attack.
How did the hacker do it?
Concretely, the hacker reportedly started by depositing 5 million USDC on two different accounts. He then used his first account to open a short position of 483 million MNGO on the MNGO/USDC perpetual contract, at a price of $0.03 each.
Then he used his second account to buy this position himself by opening a long position, causing the price of the token to jump by almost 1000% in less than an hour. Finally, the hacker applied this strategy several times to manipulate the price of MNGO, allowing it to reach up to $0.54 each on different exchanges such as Ascendex or FTX.
[Figure: Price evolution of MNGO against USDC]
As a result, the Pyth and Switchboard oracles used by Mango Markets updated the MNGO price. Consequently, the long position taken by the hacker was in profit by about $132 million.
These funds were then used to take out a loan on several tokens via Mango Markets, and to withdraw the funds via various assets such as USDC, MSOL, SOL, BTC and USDT. Unsurprisingly, all available liquidity on the protocol was drained.
MNGO is currently trading at around $0.02 each. The short position opened by the hacker on his first account is therefore currently in profit by approximately $12 million. However, the lack of liquidity and the suspension of trading features prevent him from taking his profits.
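To make the oracle dependency concrete, here is an added illustration (not code from Mango Markets or from the original article) comparing collateral credited at the latest oracle reading with collateral credited at a capped reading, plus a simple deviation alert. The position size and entry price come from the article; the oracle series, the median cap and its thresholds are assumptions, and the figures are not meant to reproduce the article's totals.

```python
from statistics import median

POSITION_SIZE = 483_000_000   # MNGO perpetual size reported in the article
ENTRY_PRICE = 0.03            # entry price in USD reported in the article

# Constructed oracle readings in USD per MNGO (not real market data):
# a quiet market, then the jump toward the $0.54 quoted in the article.
ORACLE_SAMPLES = [0.030, 0.031, 0.030, 0.032, 0.031, 0.12, 0.30, 0.54]


def unrealized_pnl(mark_price):
    """Paper profit of the long perpetual position at a given mark price."""
    return POSITION_SIZE * (mark_price - ENTRY_PRICE)


def reference_price(samples, window=5):
    """Median of the `window` readings that precede the latest one."""
    return median(samples[-1 - window:-1])


def guarded_mark(samples, window=5, max_up=0.10):
    """Hypothetical guard: when valuing gains as collateral, cap the
    latest reading at max_up above the trailing median."""
    return min(samples[-1], reference_price(samples, window) * (1 + max_up))


def deviation_alert(samples, window=5, threshold=0.50):
    """Flag a reading above the trailing median by more than threshold."""
    ref = reference_price(samples, window)
    return (samples[-1] - ref) / ref > threshold


def collateral_from_pnl(samples):
    """Return (naive, guarded) collateral credit for the open position."""
    naive = max(0.0, unrealized_pnl(samples[-1]))
    guarded = max(0.0, unrealized_pnl(guarded_mark(samples)))
    return naive, guarded


if __name__ == "__main__":
    naive, guarded = collateral_from_pnl(ORACLE_SAMPLES)
    print(f"collateral at latest reading: ${naive:,.0f}")
    print(f"collateral at capped reading: ${guarded:,.0f}")
    print(f"deviation alert raised:       {deviation_alert(ORACLE_SAMPLES)}")
```

The cap holds here only because the jump occupies a minority of the window; a price held high for longer than the window moves the median too, so window length and alerting have to be tuned together.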
What will happen next?
Some time after the events, the hacker proposed a governance vote to the Mango DAO community. In it, he offers to send his funds in SOL, MSOL and MNGO (about $50 million) to the protocol in order to reimburse all affected users.
Furthermore, if the proposal is accepted, he requests that his funds not be frozen and that all legal proceedings against him be dropped. Amusingly, the hacker used the 32 million MNGO he owns to vote in favor of this proposal, or about 30% of the tokens eligible for the vote.
In parallel, extensive research has shown that the hacker's funds were deposited from an FTX account. Questioned by an Internet user, the CEO of FTX, Sam Bankman-Fried, confirmed that he had launched an internal investigation and was ready to take the necessary measures.
Can confirm we are investigating and will take any appropriate action/etc.
— SBF (@SBF_FTX) October 12, 2022
As a reminder, FTX is a centralized exchange that applies Know Your Customer (KYC) procedures. In other words, each user must state their identity in order to create an account on the platform. Thus, it is very likely that the identity of the hacker can be found quickly.
In the statement issued this morning by Mango, the protocol team confirmed that "this incident has effectively drained all available capital". The team also said it was open to the hacker's willingness to negotiate and gave assurances that it will continue to communicate on how events unfold.
Sources: Mango Markets, Mango Twitter release