The Mango markets has been exploited for over $100 million. An attacker drained Mango markets of BTC (sollet), USDT, SOL, mSOL, USDC under collateralized loans. The funds are currently on the Solana blockchain.
Initially it was assumed that the hacker was able to empty funds from the Solana based Mango market via an oracle price manipulation. However, the Mango team clarified that oracle providers are not at fault . The oracle price reporting worked as it should have. The Mango team further revealed how it was exploited:
- Two accounts funded by USDC took an outsized position in MNGO-PERP.
- Underlying MNGO/USD prices on various exchanges like FTX and Ascendex experienced a 5-10x price increase in a matter of minutes.
- This led to Switchboard and Pyth oracles updating their MNGO benchmark price to $0.15+.
- This further caused a mark-to-market increase in the value of the account that was long MNGO-PERP from the unrealized profit.
- This allowed the account to borrow and withdraw BTC (sollet), USDT, SOL, mSOL, USDC out of the Mango protocol.
- This maxed out the borrows available from the $190Million equivalent deposits on the platform.
- The net value extracted by the account was around $100 million equivalent at the time.
In response to the hack, Mango markets have already disabled deposits and are taking steps to have third-party funds frozen. Major crypto exchanges like Coinbase, Binance, Kraken with enough liquidity to cash out the funds, have already Blacklisted the hackers account.
Also Read: Binance Smart Chain Halts Following Potential Exploit of $100M
Mango Markets has also offered the attacker the chance to collect a bug bounty in exchange for returning the stolen funds.
This incident has effectively resulted in a total draining of all equity available. The Mango DAO’s current priorities are:
- Preventing any further unnecessary losses.
- To make sure depositors of the Mango protocol are made whole.
- To try and salvage some value in Mango DAO and protocol to rebuild from here.