Solana-Based Defi Protocol Mango Markets Loses $117 Million in Hack, Exploit Allegedly Revealed in Project’s Discord in March – Bitcoin News

According to several reports, Mango Markets, an Solana-based trading/lending platform Mango Markets suffered a hack that allowed a malicious actor to steal $117 million. An analysis of the hack published by Certik explains that the attacker manipulated the price of the project’s native token mango (MNGO) which allowed them to borrow $117 million against the exploited collateral.

Mango Markets Hacked for $117 million, Blockchain Security Firm Summarizes Attack Vector

Mango Markets, a platform that is based in Solana and cost $117 million to hack on Tuesday. This was reported by the Mango Markets team at 7:36 pm (ET) October 11. “We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation,” the Mango Market’s Twitter account detailed. “We are taking steps to have third parties freeze funds in flight. We will be disabling deposits on the front end as a precaution, and will keep you updated as the situation evolves.”

Certik, an auditing and security company that specializes in blockchain technology and fraud prevention, summarized the Mango Market attack. They also explained how the attacker managed to alter the token mango (MNGO) price. “The attacker used two addresses to manipulate the price of MNGO – Mango’s native token and collateral asset – from $0.038 to a peak of $0.91,” Certik explained in a note sent to News. “This allowed them to borrow heavily against their $MNGO collateral, which they did so to the tune of approximately $117 million, though this figure is fluctuating due to the prices of affected tokens reacting to the news.”

AccordingHacken said that the hacker began with $5 million USDC in order to achieve his goals. The official Mango Market Twitter account confirmed that two accounts funded with USDC took out a massive long position in “MNGO-PERP.” “Underlying MNGO/USD prices on various exchanges (FTX, Ascendex) experienced a 5-10x price increase in a matter of minutes,” Mango said. Mango added that the incident was not caused by any oracle provider. It was stressed by the team:

This is to make it clear that we are not blaming either oracle provider. Oracle price reporting was as accurate and reliable as it ought to have been.

Certik, a blockchain security firm and auditor has revealed that the attacker vector was known by Certik as far back as March 2022. “The vulnerability here stemmed from the thin liquidity on the MNGO/USDC market, which was used as the price reference for the MNGO perpetual swap,” Certik’s summary adds. “With only a few million USDC at their disposal, the attacker was able to pump the price of MNGO by 2,394%. This attack vector is exactly what was done. apparently raised in Mango’s Discord channel back in March of this year,” the Certik post-mortem concludes.

In this story, tags
$117 million, attack vector, certik, Certik post mortem, Certik Researchers, Hack, Hacken, incident, incident report, Mango, Mango Markets, Mango’s Discord channel, MNGO/USDC, oracle prices, Oracles, post mortem, Solana, Solana Lending App, Solana Trading app, Twitter, twitter account

Let us know your thoughts about this exploit at Mango Markets. Please comment below to let us know your thoughts on this topic.

Jamie Redman

Jamie Redman, a Florida-based financial journalist and news lead at News is Jamie Redman. Redman joined the cryptocurrency community in 2011 and has been an active member ever since. Redman is passionate about Bitcoin and open-source codes. Redman is a prolific writer for News, with over 6,000 articles on disruptive protocols.

Images CreditsShutterstock. Pixabay. Wiki Commons

DisclaimerThis information is provided for educational purposes only. This article is not intended to be a solicitation or offer to sell or buy any product, service, or company. is not a provider of investment, tax, legal or accounting advice. The author and the company are not responsible for any loss or damage caused or alleged caused by the content or use of any goods, services, or information mentioned in the article.

Get more Crypto News at CFX Magazine