Solana TVL tanks 23% following $100M Mango Market hack

1 year ago

The $100 cardinal exploit of Solana-based decentralized protocol Mango Markets has sent the worth of its autochthonal token MNGO and that of SOL spiraling down implicit the past 24 hours.

CryptoSlate information shows that the MNGO token fell much than 40% successful the past 24 hours to $0.02396. During this period, SOL besides shed astir 1% of its worth to commercialized astatine $31.

Meanwhile, the full worth of assets locked successful Solana dropped 23% to $997 cardinal from $1.32 billion, according to DeFillama data. This is the archetypal clip Solana’s TVL has fallen beneath $1 cardinal since July 2021.

The exploit

Mango Market stated that the hacker manipulated MNGO’s worth by taking an outsized presumption successful MNGO-PERP and counter-traded themselves with different account. This led to the USD worth of MNGO rising connected assorted exchanges.

Around 22:00 UTC October 11th the protocol had an incidental involving the following:

-2 accounts funded with USDC took an outsized presumption successful MNGO-PERP

-Underlying MNGO/USD prices connected assorted exchanges (FTX, Ascendex) experienced a 5-10x terms summation successful a substance of minutes

— Mango (@mangomarkets) October 12, 2022

The terms oracles Switchboard and Pyth accrued the benchmark MNGO terms based connected this, causing a “mark-to-market summation successful the worth of the relationship that was agelong MNGO-PERP from the unrealized profit.”

This allowed the hacker to retreat $100 cardinal worthy of assets which was each the liquidity connected the protocol.

Blockchain information steadfast OtterSec wrote that the attacker manipulated Mango’s collateral, which allowed him to instrumentality retired monolithic loans from the treasury.

It appears the attacker was capable to manipulate their Mango collateral. They temporarily spiked up their collateral value, and past took retired monolithic loans from the Mango treasury. pic.twitter.com/2IJrB9RcEJ

— OtterSec (@osec_io) October 11, 2022

Hacker makes proposal

The hacker has released his presumption for returning the funds done a proposal submitted to the DAO.

According to the hacker, Mango should repay atrocious debts utilizing its treasury’s $70 cardinal USDC. The atrocious indebtedness successful the connection comes from a bailout by Mango Markets and Solend for a Solana whale with astir $207 cardinal successful indebtedness crossed aggregate lending platforms connected Solana.

The lending protocols had enactment unneurotic a bailout to support the marketplace from the hazard of contagion if the whale positions were to beryllium liquidated.

The connection states, “any atrocious indebtedness volition beryllium viewed arsenic a bug bounty/insurance, paid retired of the mango security fund.” The hacker besides asks that Mango token holders waive their close to prosecute immoderate imaginable claims against accounts with atrocious debt.

He besides wants assurance that nary transgression enactment oregon freezing of funds would occur. As of property time, 33 cardinal votes (99%) enactment the proposal.

Meanwhile, a Twitter user, foobar, pointed retired that the “yes” votes were coming from the attacker. The hacker would request astatine slightest 67 cardinal much votes to scope a quorum.

nvm the yes votes are coming chiefly from the attacker

— foobar (@0xfoobar) October 12, 2022

Mango Markets response

Mango Markets’ squad has said its primary absorption is to forestall further losses, guarantee depositors are made full and salvage immoderate worth for the protocol.

DAO priorities are:

Preventing immoderate further unnecessary losses (already achieved by halting programme instructions)