{"id":68443,"date":"2022-10-12T10:53:52","date_gmt":"2022-10-12T07:53:52","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=68443"},"modified":"2025-09-07T14:08:30","modified_gmt":"2025-09-07T11:08:30","slug":"hacker-stole-more-than-100-million-from-mango-markets-defi-platform","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hacker-stole-more-than-100-million-from-mango-markets-defi-platform\/","title":{"rendered":"Hacker stole more than $100 million from Mango Markets DeFi platform"},"content":{"rendered":"<p>An unknown actor drained digital assets worth about $116 million from the Solana-based trading and lending DeFi platform Mango Markets.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/CertiKSkynetAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#CertiKSkynetAlert<\/a> \ud83d\udea8<\/p>\n<p>On October 11, 2022 at 11:19 PM UTC, Mango Market was attacked for a total loss of roughly ~$116M.<\/p>\n<p>The attacker was able to manipulate the price of the MNGO token and exploitatively borrowed more assets than what they were supposed to be able to.<\/p>\n<p>\ud83e\uddf5\u2026 <a href=\"https:\/\/t.co\/HSIUsPYyA4\">pic.twitter.com\/HSIUsPYyA4<\/a><\/p>\n<p>\u2014 CertiK Alert (@CertiKAlert) <a href=\"https:\/\/twitter.com\/CertiKAlert\/status\/1580027952095371265?ref_src=twsrc%5Etfw\">October 12, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The attacker used a deposit of 5 million USDC to manipulate the price of the native MNGO token by opening a large margin position in perpetual swaps. 
Due to low liquidity on the spot market, the asset&#8217;s price briefly jumped from $0.038 to $0.91 \u2014 about 2,295%.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">2\/ The attacker then began manipulating the price of MNGO on the spot MNGO\/USDC market. <\/p>\n<p>From a stable low of ~$0.038 prior to the attack, they pushed it up to a peak of $0.91. <a href=\"https:\/\/t.co\/qLvlMZboAa\">pic.twitter.com\/qLvlMZboAa<\/a><\/p>\n<p>\u2014 CertiK Alert (@CertiKAlert) <a href=\"https:\/\/twitter.com\/CertiKAlert\/status\/1580028397014552576?ref_src=twsrc%5Etfw\">October 12, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The increase in the MNGO collateral value allowed the hacker to borrow and withdraw funds from the protocol in several coins.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">5. 
The attacker has stolen the assets worth around $114M <a href=\"https:\/\/t.co\/K0nQNLdCOU\">pic.twitter.com\/K0nQNLdCOU<\/a><\/p>\n<p>\u2014 Hacken\ud83c\uddfa\ud83c\udde6 at Devcon \ud83c\udde8\ud83c\uddf4 (@hackenclub) <a href=\"https:\/\/twitter.com\/hackenclub\/status\/1579979148319404033?ref_src=twsrc%5Etfw\">October 11, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abWe are currently investigating an incident in which a hacker withdrew funds from Mango by manipulating oracle prices\u00bb, \u2014 the project team wrote.<\/p>\n<\/blockquote>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation. <\/p>\n<p>We are taking steps to have third parties freeze funds in flight. 
1\/<\/p>\n<p>\u2014 Mango (@mangomarkets) <a href=\"https:\/\/twitter.com\/mangomarkets\/status\/1579979342423396352?ref_src=twsrc%5Etfw\">October 11, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In a day, the price of MNGO fell by more than 43% to $0.022 (CoinGecko). According to <a href=\"https:\/\/www.coingecko.com\/en\/coins\/mango\">CoinGecko<\/a>, the value of funds locked in the protocol fell to $200.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/fpnOhLyL80kc-AbltVMRfcs5jDh5sySUJUWnE5GNzIhrHdaA5-cr_RUZJrWjVm_ZRlmNULCYBM5RH9eStFgpMmLLR373v-0JKOS_JruGMdPzQrJrgE6HVZuNWN-92ye7TV_5o3V6IyP-i3dqrKnQ4gpdLBzzn9wTGjrUOyg2pqmjBcYcJGcCFou_\" alt=\"Hacker stole more than $100 million from Mango Markets DeFi platform\"\/><figcaption>\u00a0Data: DeFi Llama.<\/figcaption><\/figure>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abThis was not an oracle manipulation attack, but rather a classic <a href=\"https:\/\/forklog.com\/en\/news\/what-is-pump-and-dump\">pump-and-dump<\/a>. The oldest risk in the history of pooled lending protocols. The price of MNGO briefly breached the legitimate $0.30 for a couple minutes. 
Oracles worked as they should have\u2014just bad risk parameters\u00bb, \u2014 commented the incident analyst known as foobar.<\/p>\n<\/blockquote>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">This was *not* an oracle manipulation attack, rather a classic pump-and-dump on thinly traded books. The oldest risk in the book for pooled lending protocols. MNGO price was legitimately 30 cents for a couple minutes there. Oracles reported accurately, just bad risk parameters<\/p>\n<p>\u2014 foobar (@0xfoobar) <a href=\"https:\/\/twitter.com\/0xfoobar\/status\/1579988231873236993?ref_src=twsrc%5Etfw\">October 12, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The Mango team confirmed that the oracles worked &#8216;as they should have&#8217;.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">We want to clarify and add mention here that neither oracle providers have any fault here. <\/p>\n<p>The oracle price reporting worked as it should have. <a href=\"https:\/\/t.co\/t34MYDrVRu\">https:\/\/t.co\/t34MYDrVRu<\/a><\/p>\n<p>\u2014 Mango (@mangomarkets) <a href=\"https:\/\/twitter.com\/mangomarkets\/status\/1580074498174652416?ref_src=twsrc%5Etfw\">October 12, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In the third quarter of 2022, losses in the <a href=\"https:\/\/forklog.com\/en\/news\/what-is-web3\">Web3<\/a> ecosystem from hacks and fraud <a href=\"https:\/\/forklog.com\/en\/news\/crypto-industry-loses-428-million-in-q3-to-hacks-and-scams\">totalled $428.7 million<\/a>.<\/p>\n<p>Of the total, $399 million came from hacker attacks. 
The bulk of losses came from two incidents \u2014 the cross-chain protocol <a href=\"https:\/\/forklog.com\/en\/news\/nomad-offers-hackers-90-of-stolen-funds-to-return-assets\">Nomad ($190 million)<\/a> and market maker <a href=\"https:\/\/forklog.com\/en\/news\/hackers-stole-160-million-from-wintermute\">Wintermute ($160 million)<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An unknown actor drained digital assets worth about $116 million from the Solana-based Mango Markets trading and lending DeFi platform.<\/p>\n","protected":false},"author":1,"featured_media":68444,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154],"class_list":["post-68443","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes"],"aioseo_notices":[],"amp_enabled":true,"views":"46","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/68443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=68443"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/68443\/revisions"}],"predecessor-version":[{"id":68445,"href":"https:\/\/forklog.com\/
en\/wp-json\/wp\/v2\/posts\/68443\/revisions\/68445"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/68444"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=68443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=68443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=68443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}