Attacker Behind $116M Mango Markets Exploit Eyes $65M Bounty

Mango Markets, a margin trading and lending platform on the Solana blockchain, was exploited to the tune of $116M on Oct. 11, the venture said on Twitter.

The attacker managed to inflate the price of the platform’s native MNGO token and drain all the liquidity from the protocol, according to Joshua Lim, Head of Derivatives at Genesis Global Trading.

The team has since paused both deposits and withdrawals on the platform. It has asked the hacker to return the funds and claim a ‘white-hat’ bounty.

Just last week, Transit Finance used a similar strategy to deal with a hacker who engineered a $29M exploit of the swap aggregator. The culprit returned the funds to the protocol and claimed a bounty of $677,000.

This latest attack comes in a period of record exploits in DeFi, as three other protocols disclosed security vulnerabilities in the span of 24 hours.

TempleDAO was hacked for $2.3M. Then Supremacy Inc. disclosed that ParaSwap’s deployer wallet was compromised due to a Profanity exploit. This was the same attack vector used in Wintermute’s $160M hack, back in September. ParaSwap has since said that funds are not at risk.

And the third hack was of Rabby Swap, which asked users to revoke access to their smart contracts. Users of Rabby Wallet, but not Rabby Swap, are not at risk.

Price Manipulation

Last year, Mango Markets raised $70M from a MNGO token sale.

Joshua Lim broke down the entire incident in a Twitter thread. According to Lim, the hacker used two accounts with $5M USDC in each to fund the MNGO-USD perp.

According to Lim’s analysis, the hacker sold 483M MNGO perpetual futures from Account A, and then bought the same instrument using Account B at a price of $0.0382. Subsequently, the hacker went on to manipulate the price of the MNGO tokens on the spot market, which went as high as $0.91, Lim said.

This resulted in the hacker making $423M in unrealized profit, which was enough to take out a $116M loan. This drained the platform of all its liquidity.

The upshot: the flaw was in the economic design of the platform instead of the oracles the platform taps to receive price data. This was confirmed by the Mango Markets team.

Sam Bankman-Fried, the CEO of FTX, said the hacker used FTX to borrow 5.5M USDC tokens. He also said FTX is investigating the transaction and will take appropriate action.

As a result of this hack, MNGO sank to an all-time low of $0.0174 but it has shot up 62% since then.

Hacker Proposes To The DAO

On Oct.12, the hacker made a governance proposal in which he suggested the platform use its 70M USDC in reserves to repay bad debts.

Much of the bad debt was generated when Mango Markets teamed up with Solend, a lending protocol on Solana’s blockchain, to address the risky debt of a large SOL holder back in June.

If the proposal passes, the hacker claims they will send back MNGO, SOL and MSOL tokens to an address specified by the Mango team, which would amount to $51M.

However, the hacker would get to keep the remaining $65M as a bounty. No legal action would be taken against them, nor will their funds be frozen.

In a twist, the hacker used stolen MNGO tokens to vote in favor of the proposal, which represents 0.71% of the total supply.

The proposal requires an additional 66.74M yes votes to pass quorum, and ends on Oct.15.