- Due to an exploit in the second $100 million DeFi breach this week, Mango Markets suffered a loss of $100 million.
- Over the past 24 hours, this attack has caused Mango Markets, a decentralized system headquartered in Solana, to lose value.
- According to the blockchain auditing website OtterSec, the attacker momentarily inflated the value of their collateral.
Mango Markets lost $100 million owing to an exploit in the second $100 million DeFi breach this week. Mango Markets reported on Twitter on Tuesday night that a hacker had used an oracle pricing manipulation to steal money from Mango. Just last Thursday, the Binance Smart Chain, another DeFi system, had $100 million stolen from it.
The value of Mango Markets, a Solana-based decentralized protocol, has been falling over the past 24 hours due to this hack. According to CryptoSlate data, the MNGO coin dropped more than 40% to $0.02396 during the last day. During this time, SOL also lost about 1% of its value, closing at $31.
The attacker temporarily increased the value of their collateral, according to the blockchain auditing website OtterSec, and then drew out loans from the Mango treasury.
Mango Markets is a Solana-based platform for spot margin and perpetual futures trading of digital assets on the Solana blockchain. Mango DAO is in charge of Mango Markets.
OtterSec founder Robert Chen stated,
It’s an economic design issue, and it’s a risk that Mango Markets has already identified.
@mangomarkets was just drained for over $100M. https://t.co/SI4hccCIQx— OtterSec (@osec_io) October 11, 2022
Joshua Lim, the head of derivatives at Genesis Global Trading, tweeted,
At 6:19 PM ET, an attacker filled account A with 5mm USDC collateral.
The attacker then offered 483 million units of MNGO perps (perpetual contracts) on the Mango Markets order book, as Lim said. The attacker then financed another account at 6:24 PM ET with 5 million USDC in collateral to purchase those 483 million MNGO perps at $0.03 each.
1/ this is how I think the mango attack played out, please let me know if I got anything wrong:— Joshua Lim (@joshua_j_lim) October 12, 2022
at 6:19 PM ET, attacker funded acct A (CQvKS…) with 5mm USDC collateralhttps://t.co/hZuV3WexWh https://t.co/cs2Wxo2Roy pic.twitter.com/rkdtJ8KU7h
Through a proposal sent to the DAO, the hacker has disclosed the conditions under which he will return the assets.
The hacker suggested that Mango use the $70 million USDC in its coffers to pay off delinquent debts. The bad debt in the proposal is the result of a bailout by Mango Markets and Solend for a whale on Solana with $207 million in debt spread across several lending platforms.
In case the whale positions had to be liquidated, the lending protocols had put up a bailout to shield the market from the possibility of contagion.