The $100 million exploit of Solana-based decentralized protocol Mango Markets has despatched the worth of its native token MNGO and that of SOL spiraling down during the last 24 hours.
CryptoSlate information exhibits that the MNGO token fell greater than 40% within the final 24 hours to $0.02396. Throughout this era, SOL additionally shed roughly 1% of its worth to commerce at $31.
In the meantime, the full worth of belongings locked in Solana dropped 23% to $997 million from $1.32 billion, in line with DeFillama information. That is the primary time Solana’s TVL has fallen under $1 billion since July 2021.
The exploit
Mango Market acknowledged that the hacker manipulated MNGO’s worth by taking an outsized place in MNGO-PERP and counter-traded themselves with one other account. This led to the USD worth of MNGO rising on numerous exchanges.
Round 22:00 UTC October eleventh the 🥭 protocol had an incident involving the next:
-2 accounts funded with USDC took an outsized place in MNGO-PERP
-Underlying MNGO/USD costs on numerous exchanges (FTX, Ascendex) skilled a 5-10x value improve in a matter of minutes
— Mango (@mangomarkets) October 12, 2022
The worth oracles Switchboard and Pyth elevated the benchmark MNGO value primarily based on this, inflicting a “mark-to-market improve within the worth of the account that was lengthy MNGO-PERP from the unrealized revenue.”
This allowed the hacker to withdraw $100 million value of belongings which was all of the liquidity on the protocol.
Blockchain safety agency OtterSec wrote that the attacker manipulated Mango’s collateral, which allowed him to take out large loans from the treasury.
It seems the attacker was in a position to manipulate their Mango collateral. They quickly spiked up their collateral worth, after which took out large loans from the Mango treasury. pic.twitter.com/2IJrB9RcEJ
— OtterSec (@osec_io) October 11, 2022
Hacker makes proposal
The hacker has launched his phrases for returning the funds by way of a proposal submitted to the DAO.
In line with the hacker, Mango ought to repay unhealthy money owed utilizing its treasury’s $70 million USDC. The unhealthy debt within the proposal comes from a bailout by Mango Markets and Solend for a Solana whale with about $207 million in debt throughout a number of lending platforms on Solana.
The lending protocols had put collectively a bailout to guard the market from the chance of contagion if the whale positions had been to be liquidated.
The proposal states, “any unhealthy debt might be considered as a bug bounty/insurance coverage, paid out of the mango insurance coverage fund.” The hacker additionally asks that Mango token holders waive their proper to pursue any potential claims in opposition to accounts with unhealthy debt.
He additionally desires assurance that no prison motion or freezing of funds would happen. As of press time, 33 million votes (99%) assist the proposal.
In the meantime, a Twitter consumer, foobar, identified that the “sure” votes had been coming from the attacker. The hacker would wish a minimum of 67 million extra votes to succeed in a quorum.
nvm the sure votes are coming primarily from the attacker 😭
— foobar (@0xfoobar) October 12, 2022
Mango Markets response
Mango Markets’ staff has mentioned its main focus is to forestall additional losses, guarantee depositors are made complete and salvage some worth for the protocol.
🥭 DAO priorities are:
➡️ Stopping any additional pointless losses (already achieved by halting program directions)
➡️ To ensure depositors of the Mango protocol are made complete
➡️ To try to salvage some worth in Mango DAO and protocol to rebuild from right here
— Mango (@mangomarkets) October 12, 2022
The platform has additionally now been frozen to forestall additional deposits.