Solana-Based Defi Platform Mango Reportedly Hit By $115M Exploit

More than $100 million has been stolen from Mango, a Solana-based decentralised network. 

OttSec, a blockchain auditor, initially revealed the vulnerability on Twitter, stating that “the attacker was able to manipulate their Mango collateral.”

Robert Chen, of OtterSec, said that the MGNO governance token was priced considerably over its fair value. With this information, the attacker could take out massive loans against Mango’s liquidity pools and drain them. It’s similar to a lending-borrowing race: With overpriced collateral, you can borrow against it, which is what they did.

According to Chen, it is still unknown how the attacker inflated MNGO’s value in the eyes of the Mango protocol. Still, several suggestions arecirculate circulating on Twitter about how the theft may have been accomplished.

Mango revealed the attack through Twitter on Tuesday, saying that it was looking into an incident in which a hacker could have syphoned cash from Mango by manipulating oracle prices.

We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation.

We are taking steps to have third parties freeze funds in flight. 1/

— Mango (@mangomarkets) October 11, 2022

At the time of publication, the drained money remained on the Solana blockchain. In similar instances, centralised exchanges such as Coinbase, Binance, and Kraken — the only institutions with the liquidity to pay out amounts of this magnitude – have banned the addresses of offenders.

In its original statement, Mango stated that it was trying to have third parties freeze cash in flight and disable deposits as a precaution on the front end.

Mango is a decentralised crypto exchange built on the Solana blockchain for users to do spot transactions and get loans. According to CoinMarketCap, Mango’s MNGO token lost almost 42% of its value in the last twenty-four hours due to concerns that the platform may have been abused.

The vulnerability on Tuesday was the second big decentralised financial assault in less than a week, after an $80 million hack of Binance’s BNB blockchain the previous week.