Solana-Based DeFi Platform Mango Markets Hit By $100 Million Exploit

OtterSec, a blockchain security company, tweeted that the exchange had lost over $100 million because the hacker misrepresented the price of their Mango (MNGO) native token collateral before taking out huge loans from Mango's treasury.

Mango Acknowledged And Investigated The Incident

In a Tweet posted on Tuesday, Mango acknowledged the vulnerability and said it was investigating the incident where a hacker was able to extract funds from Mango through an oracle pricing manipulation. The Mango Markets group urged the attacker to get in touch with them to discuss a bug bounty and advised users not to deposit the money until more information was available.

Manipulation Of MNGO's Price

Later, the company acknowledged the manipulation of their MNGO token's price oracle. They also said they had blocked deposits until they looked into the matter further. According to statistics, the value of the platforms' MNGO token has decreased by almost 52% since the exploit.

At the time of publication, the drained funds were still on the Solana blockchain. Offending addresses have been flagged in similar circumstances by centralized exchanges like Coinbase, Binance, and Kraken, the only organizations with the liquidity for someone to cash out sums this high.

Repayment Of Bad Debt

The hacker behind the exploit has given the community an ultimatum. The hacker claims in a post on Mango's governance proposal platform that they want Mango's treasury to spend the $70 million in USDC it has available to pay back bad debt in accordance with the protocol. This bad debt originated from a rescue that Mango Markets and the competing Solana lending platform Solend organized for a massive Solana whale of $207 million in debt dispersed across several lending platforms.