According to multiple reports, Solana-based trading and lending platform Mango Markets was hacked when a malicious actor was able to siphon $117 million from the protocol. An analysis of the hack published by Certik explains that the attacker manipulated the price of the project’s native mango token (MNGO), allowing them to borrow $117 million against the mined collateral.
Mango Markets Hacked For $117M, Blockchain Security Firm Sums Up Attack Vector
On Tuesday, Solana-based platform Mango Markets was hacked for $117 million. The team tweeted about the problem at 7:36 pm (ET) on October 11. “We are currently investigating an incident where a hacker was able to drain funds from Mango through an oracle price manipulation,” Mango Market’s Twitter account. detailed. “We are taking steps to have third parties freeze funds in flight. We will be disabling front end depots as a precautionary measure and will keep you updated as the situation evolves.”
Blockchain audit and security firm Certik summed up the Mango Market hack in an autopsy and the team explained that the hacker was able to manipulate the mango token (MNGO). “The attacker used two addresses to manipulate the price of MNGO, Mango’s native token and collateral asset, from $0.038 to a maximum of $0.91,” Certik explained in a note sent to Bitcoin.com News. “This allowed them to borrow heavily against their $MNGO collateral, which they did to the tune of approximately $117 million, although this figure fluctuates as affected token prices reacted to the news.”
On October 11, 2022 at 11:19 pm UTC, Mango Market was attacked for a total loss of approximately ~$116 million.
The attacker was able to manipulate the price of the MNGO token and exploitatively borrowed more assets than they were supposed to.
— CertiK Alert (@CertiKAlert) October 12, 2022
According to For blockchain security firm Hacken, the hacker started with roughly $5 million in USDC to accomplish the goals. The official Mango Market Twitter account confirmed that two USDC-funded accounts took a massive long position on “MNGO-PERP”. “MNGO/USD underlying prices on various exchanges (FTX, Ascendex) experienced a 5-10x price increase in a matter of minutes,” Mango said. Mango further added that no Oracle vendor was to blame for the incident. The team emphasized:
We want to clarify and mention here that none of the Oracle providers have any bugs here. Oracle price report worked as it should.
Meanwhile, blockchain audit and security firm Certik has revealed that the attack vector was allegedly known as early as March 2022. “The vulnerability here stems from the low liquidity in the MNGO/USDC market, which was used as a benchmark. of prices for the MNGO. perpetual exchange”, adds the summary of Certik. “With only a few million USDC at his disposal, the attacker was able to increase the price of MNGO by 2,394%. This exact attack vector was apparently bred on Mango’s Discord channel in March of this year,” Certik’s autopsy concludes.
What do you think about the Mango Markets exploit? Let us know what you think about this topic in the comments section below.
image credits: Shutterstock, Pixabay, Wiki Commons
DisclaimerNote: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any product, service, or company. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.