According to various reports, the trading and lending platform based on Solana Mango Markets was hacked because a malicious person was able to extract $117 million from the protocol. An analysis of the hack published by Certik explains that the attacker manipulated the price of the project’s native token (MNGO), allowing them to borrow $117 million against the mined collateral.
Mango Market Hacked for $117 Million, Attack Vector Briefing Blockchain Security Company
On Tuesday, Solana-based Mango Markets platform was hacked for $117 million. The team tweeted about the issue at 7:36 p.m. ET (ET) October 11. “We are currently investigating an incident where a hacker was able to withdraw funds from Mango through a price manipulation. magic”, Mango Market’s Twitter account detail. “We are taking steps to have third parties freeze funds in flight. We will disable deposits on the UI as a precaution and will update you as the situation develops.”
Blockchain security and auditing company Certik summarized the Mango Market hack in an autopsy, and the team explained that the hacker was able to manipulate the mango token (MNGO). “The attacker used two addresses to manipulate the price of MNGO — Mango’s native token and collateral — from $0.038 to as high as $0.91,” Certik explained in a statement. notes sent to Bitcoin.com News. “This allowed them to borrow money against their MNGO$ collateral, which they did for about $117 million, although this number is fluctuating due to the price of the affected tokens. enjoy the reaction to the news.”
On October 11, 2022 at 11:19 PM UTC, the Mango Market was hit with a total loss of approximately $116 million.
The attacker was able to manipulate the price of the MNGO token and borrow more assets than they were supposed to be able to.
– CertiK alert (@CertiKAlert) October 12, 2022
Follow to blockchain security company Hacken, the hacker started with about $5 million USDC to accomplish the goals. The official Mango Market Twitter account has confirmed that two accounts sponsored by USDC have taken a large long position in “MNGO-PERP”. “Basic MNGO/USD price on various exchanges (FTX, Ascendex) increased by 5-10x in minutes,” Mango speak. Mango added that no oracle vendor was at fault in the incident. The research team emphasized:
We want to clarify and add mention here that both oracle providers don’t have any errors here. Oracle price report was working as usual.
Meanwhile, blockchain security and auditing firm Certik has revealed that the attack vector is believed to be as early as March 2022. “The flaw here comes from the thin liquidity in the MNGO/USDC market, used as the reference price for the perpetual swap MNGO,” the Certik summary adds. “With just a few million USDC at their disposal, the attacker was able to pump the price of MNGO up to 2,394 percent. This exact attack vector is seems to be raised in Mango’s Discord channel back in March of this year,” concluded after Certik’s autopsy.
What do you think about how to mine Mango Markets? Let us know what you think about this topic in the comments section below.
Image credits: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This newspaper only gives true information. It is not a direct offer or solicitation to buy or sell, or a recommendation or endorsement for any product, service or company. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the Company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.