According to several reports, Mango Markets, an Solana-based trading/lending platform Mango Markets suffered a hack that allowed a malicious actor to steal $117 million. An analysis of the hack published by Certik explains that the attacker manipulated the price of the project’s native token mango (MNGO) which allowed them to borrow $117 million against the exploited collateral.
Mango Markets Hacked for $117 million, Blockchain Security Firm Summarizes Attack Vector
Mango Markets, a platform that is based in Solana and cost $117 million to hack on Tuesday. This was reported by the Mango Markets team at 7:36 pm (ET) October 11. “We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation,” the Mango Market’s Twitter account detailed. “We are taking steps to have third parties freeze funds in flight. We will be disabling deposits on the front end as a precaution, and will keep you updated as the situation evolves.”
Certik, an auditing and security company that specializes in blockchain technology and fraud prevention, summarized the Mango Market attack. They also explained how the attacker managed to alter the token mango (MNGO) price. “The attacker used two addresses to manipulate the price of MNGO – Mango’s native token and collateral asset – from $0.038 to a peak of $0.91,” Certik explained in a note sent to Bitcoin.com News. “This allowed them to borrow heavily against their $MNGO collateral, which they did so to the tune of approximately $117 million, though this figure is fluctuating due to the prices of affected tokens reacting to the news.”
Mango Market suffered a loss of approximately $116M on October 11, 2022, at 11:19 UTC.
It was possible for the attacker to manipulate MNGO token prices and take advantage of more assets than they should be.
— CertiK Alert (@CertiKAlert) October 12, 2022
AccordingHacken said that the hacker began with $5 million USDC in order to achieve his goals. The official Mango Market Twitter account confirmed that two accounts funded with USDC took out a massive long position in “MNGO-PERP.” “Underlying MNGO/USD prices on various exchanges (FTX, Ascendex) experienced a 5-10x price increase in a matter of minutes,” Mango said. Mango added that the incident was not caused by any oracle provider. It was stressed by the team:
This is to make it clear that we are not blaming either oracle provider. Oracle price reporting was as accurate and reliable as it ought to have been.
Certik, a blockchain security firm and auditor has revealed that the attacker vector was known by Certik as far back as March 2022. “The vulnerability here stemmed from the thin liquidity on the MNGO/USDC market, which was used as the price reference for the MNGO perpetual swap,” Certik’s summary adds. “With only a few million USDC at their disposal, the attacker was able to pump the price of MNGO by 2,394%. This attack vector is exactly what was done. apparently raised in Mango’s Discord channel back in March of this year,” the Certik post-mortem concludes.
Let us know your thoughts about this exploit at Mango Markets. Please comment below to let us know your thoughts on this topic.
Images CreditsShutterstock. Pixabay. Wiki Commons
DisclaimerThis information is provided for educational purposes only. This article is not intended to be a solicitation or offer to sell or buy any product, service, or company. Bitcoin.com is not a provider of investment, tax, legal or accounting advice. The author and the company are not responsible for any loss or damage caused or alleged caused by the content or use of any goods, services, or information mentioned in the article.