- Mango Markets has been hit as a hacker drains $100 million from the platform.
- The company blames the incident on an oracle price manipulation but says the team acknowledged the risk.
- Users panic as this hack comes days after $100 million was stolen from Binance Smart Chain, causing DeFi projects to reassure the safety of user funds.
Decentralized Finance (DeFi) is reeling from a slew of hacks, and the latest to fall victim is Mango Markets, as it loses $100 million to bad actors.
Solana-based DeFi trading platform Mango Markets has suffered a major hack this week, losing $100 million in funds. The company executives have blamed the incident on an oracle price manipulation with promises to prevent further attacks even though they acknowledged that they knew the risks.
According to blockchain auditors OtterSec, the attacker was able to manipulate the value of his collateral to take higher loans from the platform.
“The [MGNO] governance token was valued for far more than it should be. With that, [the attacker] was able to take out large loans against it and then drain Mango’s [liquidity] pools. It’s like a lending-borrowing race: if you have overvalued collateral, you can then borrow against that collateral, and that’s what they did.”
Joshua Lim, Derivatives Lead at Genesis Global Trading, threw more light into the incident explaining that the hacker offered 483 million units of perpetual contracts and then funded another account with 5 million USDC to purchase the contracts at $0.03 per unit. The attacker started moving the spot price to $0.97 per unit and took out a $116 million loan leaving the platform with a negative balance. Assets withdrawn include BTC, USDC, MNGO, etc.
Mango Markets is a DeFi trading platform on the Solana blockchain for spot trades and perpetual futures. Its MNGO token plunged over 40% after the incident.
Hacker holds Mango Markets to ransom
The hacker has come out publicly to state his demands adding that he is ready to return the funds. Posting on the community’s governance platform, the hacker proposed for the platform to pay a bad debt in the protocol with its $70 million balance in USDC. Mango Market, in conjunction with Solend put together a bailout for a whale that had over $206 million in debt.
In addition to this request, the hacker also seeks a promise that his account will not be closed and the company will not undertake a criminal investigation or seize his assets. Mango Markets, on their part, want him to return the funds for a “bug bounty”.