
Hacker stole more than $100 million from Mango Markets DeFi platform
An unknown actor drained digital assets worth about $116 million from the Solana-based trading and lending DeFi platform Mango Markets.
On October 11, 2022 at 11:19 PM UTC, Mango Market was attacked for a total loss of roughly ~$116M.
The attacker was able to manipulate the price of the MNGO token and exploitatively borrowed more assets than what they were supposed to be able to.
— CertiK Alert (@CertiKAlert) October 12, 2022
The attacker used a deposit of 5 million USDC to manipulate the price of the native MNGO token by opening a large margin position in perpetual swaps. Due to low liquidity on the spot market, the asset’s price briefly jumped from $0.038 to $0.91 — about 2,295%.
2/ The attacker then began manipulating the price of MNGO on the spot MNGO/USDC market.
From a stable low of ~$0.038 prior to the attack, they pushed it up to a peak of $0.91. pic.twitter.com/qLvlMZboAa
— CertiK Alert (@CertiKAlert) October 12, 2022
The increase in the MNGO collateral value allowed the hacker to borrow and withdraw funds from the protocol in several coins.
5. The attacker has stolen the assets worth around $114M pic.twitter.com/K0nQNLdCOU
— Hacken🇺🇦 at Devcon 🇨🇴 (@hackenclub) October 11, 2022
“We are currently investigating an incident in which a hacker withdrew funds from Mango by manipulating oracle prices,” the project team wrote.
We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation.
We are taking steps to have third parties freeze funds in flight. 1/
— Mango (@mangomarkets) October 11, 2022
In a day, the price of MNGO fell by more than 43% to $0.022 (CoinGecko). According to CoinGecko, the value of funds locked in the protocol fell to $200.
“This was not an oracle manipulation attack, but rather a classic pump-and-dump. The oldest risk in the history of pooled lending protocols. The price of MNGO briefly breached the legitimate $0.30 for a couple minutes. Oracles worked as they should have—just bad risk parameters,” the analyst known as foobar commented on the incident.
This was *not* an oracle manipulation attack, rather a classic pump-and-dump on thinly traded books. The oldest risk in the book for pooled lending protocols. MNGO price was legitimately 30 cents for a couple minutes there. Oracles reported accurately, just bad risk parameters
— foobar (@0xfoobar) October 12, 2022
The Mango team confirmed that the oracles worked ‘as they should have’.
We want to clarify and add mention here that neither oracle providers have any fault here.
The oracle price reporting worked as it should have. https://t.co/t34MYDrVRu
— Mango (@mangomarkets) October 12, 2022
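The "bad risk parameters" point can be made concrete with a simplified model, added here as an illustration and not taken from Mango Markets' code: it compares a borrow limit marked at the latest price with one bounded by a trailing median and a per-asset cap. The collateral size, weight, window, premium and cap are assumed values; only the $0.038 and $0.91 prices come from the article.

```python
from statistics import median

# Constructed one-minute MNGO/USDC samples. The $0.038 baseline and $0.91 peak
# are the article's figures; the path between them is invented for the example.
PRICES = [0.038] * 30 + [0.15, 0.45, 0.91, 0.91, 0.30]

TOKENS = 100_000_000      # hypothetical collateral size, in MNGO
WEIGHT = 0.8              # hypothetical collateral weight (loan-to-value)


def naive_borrow_limit(prices, tokens=TOKENS, weight=WEIGHT):
    """Credit granted when collateral is marked at the latest price only."""
    return tokens * prices[-1] * weight


def guarded_borrow_limit(prices, tokens=TOKENS, weight=WEIGHT,
                         window=30, max_premium=0.25, cap_usd=5_000_000):
    """Credit granted under two conservative risk parameters.

    1. The mark price may exceed the trailing median of the previous
       `window` samples by at most `max_premium`, so a spike lasting a few
       minutes barely moves the valuation.
    2. Credit backed by this one asset never exceeds `cap_usd`, which bounds
       the loss even if a high price is sustained.
    """
    # Exclude the latest sample from the reference; fall back to it if alone.
    history = prices[-(window + 1):-1] or prices[-1:]
    mark = min(prices[-1], median(history) * (1 + max_premium))
    return min(tokens * mark * weight, cap_usd)


def peak_limits(prices=PRICES):
    """Return (naive, guarded) borrow limits at the moment of the peak price."""
    upto_peak = prices[:prices.index(max(prices)) + 1]
    return naive_borrow_limit(upto_peak), guarded_borrow_limit(upto_peak)


if __name__ == "__main__":
    naive, guarded = peak_limits()
    print(f"naive limit at peak:   ${naive:,.0f}")
    print(f"guarded limit at peak: ${guarded:,.0f}")
```

In this model the oracle reports every price accurately in both cases; the difference in exposure comes entirely from how the lending side values thinly traded collateral.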
In the third quarter of 2022, losses in the Web3 ecosystem from hacks and fraud totalled $428.7 million.
Of the total, $399 million came from hacker attacks. The bulk of losses came from two incidents — the cross-chain protocol Nomad ($190 million) and market maker Wintermute ($160 million).