Solana-based DeFi platform hacked in a $100 Million Exploit, Here’s the Details

cropped CoinGape logo 32x32 1

Solana-based decentralized finance (DeFi) protocol Mango Markets has been the victim of the hack in the latest exploit. As per the details, the attacker has managed to drain more than $100 million from the DeFi protocol.

As per the details provided by the blockchain auditing website OtterSec, the attacker managed to get a large number of loans from the Mango Treasury by manipulating the DeFi protocol’s collateral. This resulted in a massive loss of funds from the Mango Treasury.

Mago Markets is a Solana-based DeFi platform that trades digital assets for spot margin and trading perpetual futures. Mango’s decentralized autonomous organization (DAO) manages the overall governance of the Mango Markets. The DeFi protocol has taken immediate cognizance of the matter noting:

We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation. We are taking steps to have third parties freeze funds in flight. We will be disabling deposits on the front end as a precaution and will keep you updated as the situation evolves.

Mango Markets has asked its users not to make any fresh deposits until the situation is clear. Furthermore, it is reaching out to the attacker for the return of the funds while offering some bug bounty.

Trending Stories

The Exploit of Mango Markets

Joshua Lim, the Head of Derivatives at Genesis Global Trading, has provided further details into how the hacker orchestrated the hack. He writes:

  1. At 6:19 PM ET, attacker funded acct A (CQvKS…) with 5mm USDC collateral.
  2. The attacker then offered out 483mm units of MNGO perps on the order book.
  3. At 6:24 PM ET, attacker funded acct B (4ND8F…) with 5mm USDC collateral to buy those 483mm units of MNGO perps, at a price of $0.0382 per unit.
  4. At 6:26 PM ET, attacker started to move the price of MNGO spot mkt, it traded as high as $0.91.
  5. At MNGO/USD price of $0.91 per unit, account B was in the money by 483mm * ($0.91 – $0.03298) = $423mm.

With this P&L, the attacker then took out $116 million in loans across all tokens. Joshua writes that the attacker wiped out all liquidity on Mango.

Bhushan is a FinTech enthusiast and holds a good flair in understanding financial markets. His interest in economics and finance draw his attention towards the new emerging Blockchain Technology and Cryptocurrency markets. He is continuously in a learning process and keeps himself motivated by sharing his acquired knowledge. In free time he reads thriller fictions novels and sometimes explore his culinary skills.
6d622b7613c3c79c72d94a2e7cffa3b2?s=200&d=mm&r=g
The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.