Solana-based decentralized finance platform Mango Markets was targeted on October 12, 2022, with an attack that drained $100 million off exchanges.
According to sources, the hackers seem to have manipulated their Mango collateral. Their actions resulted in a temporary spike in their collateral’s value. The attacker then proceeded to take out massive loans from the Mango treasury.
“The [MNGO] governance token was valued for far more than it should be. With that, [the attacker] was able to take out large loans against it and then drain Mango’s [liquidity] pools. It’s like a lending-borrowing race: if you have overvalued collateral, you can then borrow against that collateral, and that’s what they did,” OtterSec founder Robert Chen said in an interview.
As a precaution, Mango immediately took steps to have “third parties freeze funds in flight.” In addition to that, the platform will disable deposits on the front end. The company encouraged knowledgeable parties, such as white hat hackers, to share any information on the attack. Participants may keep in touch with the team through [email protected], “to discuss a bounty for the return funds.”
Theory on How the Hack Could Have Happened
Joshua Lim, Head of Derivatives at full-service digital currency platform Genesis Trading Digital, shared his theories on the recent hack.
According to Lim, the hacker funded the main account (account A) and offered 483mm units of $MNGO perps on the order book. The attacker then funded a second account (account B) with 5mm $USDC collateral. Then, he/she used the funds to buy the 483mm units of $MNGO perps (at a price of $0.0382 per unit).
The perpetrator’s actions drove up $MNGO’s spot market price, which reached as high as $0.91.
“$MNGO/USD price of $0.91 per unit, account B was in the money by 483mm * ($0.91 – $0.03298) = $423mm. That was enough unrealized P&L to take out a loan of $116mm across a bunch of tokens. This left mango and left the protocol at a deficit,” Lim stated.
Lim also claims that this hack “effectively wiped out all available liquidity on Mango.”
“After the attack $MNGO/USD traded down to $0.02, which means acct A is now ITM on its short $MNGO perp position to the tune of $12mm,” Lim said. “But there is literally no liquidity left to pay acct A out, so the attacker will have to be satisfied with the $116mm he took from acct B.”
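The valuation step in Lim's account, as an added example that is not from the article or from Mango Markets: it credits account B's collateral at the raw spot price and, for comparison, at a price clamped to a band around a slower reference price, and raises an alert on the deviation. The 10% band, the choice of reference price and all function names are assumptions for illustration, not Mango's actual risk parameters.

```python
from dataclasses import dataclass

# Figures taken from Lim's quoted calculation; everything else is assumed.
UNITS = 483e6      # $MNGO perp units bought by account B
ENTRY = 0.03298    # USD per unit, as used in Lim's P&L formula
SPIKE = 0.91       # manipulated $MNGO/USD spot price
DEPOSIT = 5e6      # account B's USDC collateral


@dataclass
class PerpPosition:
    units: float        # positive = long, negative = short
    entry_price: float  # USD per unit


def unrealized_pnl(pos: PerpPosition, mark: float) -> float:
    return pos.units * (mark - pos.entry_price)


def bounded_mark(spot: float, reference: float, max_dev: float) -> float:
    """Clamp the spot price to within +/- max_dev of a slower reference price."""
    return min(max(spot, reference * (1 - max_dev)), reference * (1 + max_dev))


def assess(deposit, pos, spot, reference, max_dev=0.10):
    """Compare collateral credited at raw spot with a band-limited mark."""
    def credit(mark):
        return max(0.0, deposit + unrealized_pnl(pos, mark))
    deviation = abs(spot - reference) / reference
    return {
        "naive_credit": credit(spot),
        "bounded_credit": credit(bounded_mark(spot, reference, max_dev)),
        "deviation": deviation,
        "alert": deviation > max_dev,  # hypothetical trigger for a borrow freeze
    }


if __name__ == "__main__":
    account_b = PerpPosition(UNITS, ENTRY)
    # Constructed scenario: the reference price is assumed to equal the
    # pre-spike entry price.
    for label, spot in (("pre-spike", ENTRY), ("spike", SPIKE)):
        r = assess(DEPOSIT, account_b, spot, reference=ENTRY)
        print(f"{label:9s} naive=${r['naive_credit']:,.0f} "
              f"bounded=${r['bounded_credit']:,.0f} alert={r['alert']}")
```

At the spike price the raw valuation reproduces the roughly $423mm of unrealized P&L in Lim's formula, while the band-limited valuation credits only a small gain on top of the deposit.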
About Mango Markets
Built on the Solana blockchain, Mango Markets is a cryptocurrency-focused platform that offers a host of features. These include lending, borrowing, swapping, and leverage-trading.
$MNGO is Mango DAO’s governance token. Holders can also use the token to participate in Liquidity Provider (LP) pools.
The token experienced a sudden surge on October 12, 2022, peaking at $0.08686 (with a 24-hour volume of $2.39 million). In just 24 hours, $MNGO crashed to as low as $0.0174 (with a 24-hour volume of $7.08 million). As of this writing, $MNGO is trading at $0.02495. It has a $22,306,368 market cap and a 24-hour volume of $8,218,339 (per CoinMarketCap).