Solana-Based Defi Protocol Mango Markets Loses $117M in Hack, Exploit Reportedly Revealed on Project’s Discord in March – Bitcoin News

According to multiple reports, Solana-based trading and lending platform Mango Markets was hacked when a malicious actor was able to siphon $117 million from the protocol. An analysis of the hack published by Certik explains that the attacker manipulated the price of the project’s native mango token (MNGO), allowing them to borrow $117 million against the mined collateral.

Mango Markets Hacked For $117M, Blockchain Security Firm Sums Up Attack Vector

On Tuesday, Solana-based platform Mango Markets was hacked for $117 million. The team tweeted about the problem at 7:36 pm (ET) on October 11. “We are currently investigating an incident where a hacker was able to drain funds from Mango through an oracle price manipulation,” Mango Markets’ Twitter account detailed. “We are taking steps to have third parties freeze funds in flight. We will be disabling front end deposits as a precautionary measure and will keep you updated as the situation evolves.”

Blockchain audit and security firm Certik summed up the Mango Markets hack in a post-mortem, and the team explained that the hacker was able to manipulate the price of the mango token (MNGO). “The attacker used two addresses to manipulate the price of MNGO, Mango’s native token and collateral asset, from $0.038 to a maximum of $0.91,” Certik explained in a note sent to Bitcoin.com News. “This allowed them to borrow heavily against their $MNGO collateral, which they did to the tune of approximately $117 million, although this figure fluctuates as affected token prices reacted to the news.”

According to blockchain security firm Hacken, the hacker started with roughly $5 million in USDC to carry out the attack. The official Mango Markets Twitter account confirmed that two USDC-funded accounts took a massive long position on “MNGO-PERP”. “MNGO/USD underlying prices on various exchanges (FTX, Ascendex) experienced a 5-10x price increase in a matter of minutes,” Mango said. Mango further added that no oracle provider was to blame for the incident. The team emphasized:

We want to clarify and mention here that none of the Oracle providers have any bugs here. Oracle price report worked as it should.

Meanwhile, blockchain audit and security firm Certik has revealed that the attack vector was allegedly known as early as March 2022. “The vulnerability here stems from the low liquidity in the MNGO/USDC market, which was used as a benchmark of prices for the MNGO perpetual exchange,” Certik’s summary adds. “With only a few million USDC at his disposal, the attacker was able to increase the price of MNGO by 2,394%. This exact attack vector was apparently raised on Mango’s Discord channel in March of this year,” Certik’s post-mortem concludes.
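The weakness Certik describes is that collateral was valued at a spot price taken from a thin market. The following sketch is an added example, not code from Mango Markets, Certik or Hacken: it shows one common mitigation, valuing collateral at the lower of spot and a time-weighted average and refusing new borrows after an upward jump. The class name, the one-hour window, the 50% jump threshold, the loan-to-value ratio and the price feed are all assumptions constructed for illustration; only the $0.038 and $0.91 prices come from the article.

```python
from collections import deque

class GuardedOracle:
    """Hypothetical collateral-price guard (assumed design, not Mango's)."""
    def __init__(self, window_s=3600, max_jump=0.5):
        self.window_s, self.max_jump = window_s, max_jump
        self.samples = deque()  # (unix_ts, price) in arrival order

    def update(self, ts, price):
        self.samples.append((ts, price))
        while self.samples[0][0] < ts - self.window_s:
            self.samples.popleft()  # forget samples older than the window

    def twap(self, now):
        # Each price is weighted by how long it stood before the next sample.
        pts = list(self.samples) + [(now, None)]
        held = [(p, t1 - t0) for (t0, p), (t1, _) in zip(pts, pts[1:])]
        total = sum(d for _, d in held)
        return sum(p * d for p, d in held) / total if total else pts[0][1]

    def halted(self, now):
        # Only upward jumps halt borrowing: they are what inflates collateral.
        return self.samples[-1][1] > self.twap(now) * (1 + self.max_jump)

    def collateral_price(self, now):
        # A falling spot price is used immediately; a rising one is damped.
        return min(self.samples[-1][1], self.twap(now))

    def borrow_limit(self, units, now, ltv=0.5):
        if self.halted(now):
            return 0.0
        return units * self.collateral_price(now) * ltv

def constructed_feed():
    # Constructed feed: one hour at $0.038, then a spike to $0.91 in minutes.
    oracle = GuardedOracle()
    for t in range(0, 3600, 60):
        oracle.update(t, 0.038)
    calm = oracle.borrow_limit(1_000_000, now=3600)
    oracle.update(3600, 0.30)
    oracle.update(3660, 0.91)
    return oracle, calm

if __name__ == "__main__":
    oracle, calm = constructed_feed()
    print("limit before spike:", calm)
    print("naive spot limit at spike:", 1_000_000 * 0.91 * 0.5)
    print("guarded limit at spike:", oracle.borrow_limit(1_000_000, now=3720))
```

A time-weighted average only raises the cost of sustaining a distorted price; it does not replace limits on how much can be borrowed against a token whose reference market is illiquid.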


Jamie Redman

Jamie Redman is the news lead at Bitcoin.com News and a fintech journalist based in Florida. Redman has been an active member of the cryptocurrency community since 2011. He is passionate about Bitcoin, open source, and decentralized applications. Since September 2015, Redman has written over 6,000 articles for Bitcoin.com News about the disruptive protocols emerging today.



