$100 Million Was Stolen From the Decentralized Finance Platform Mango, Which Is Solana-Based

Over one hundred million dollars was stolen from the decentralized financial network known as Mango, which was housed on the Solana blockchain. OtterSec, a blockchain auditing company, was the first to expose the issue on Twitter.

It appears the attacker was able to manipulate their Mango collateral. They temporarily spiked up their collateral value, and then took out massive loans from the Mango treasury. pic.twitter.com/2IJrB9RcEJ

— OtterSec (@osec_io) October 11, 2022

The attacker was able to alter the Mango collateral, which he subsequently used to deplete Mango’s liquidity pools. According to the analysis of OtterSec’s Robert Chen, It’s kind of like a competition between lending and borrowing: if a user has collateral that’s been overvalued, such person can borrow against it, and that’s precisely what they did.

In addition, it is still unknown how precisely the attacker managed to inflate MNGO’s value in the eyes of the Mango protocol, despite the fact that there are already several suggestions on Twitter proposing how the robbery could’ve been carried out.

Trading Platforms Have Blocked Addresses Associated With the Fraudulent Accounts

In a tweet published Tuesday, Mango acknowledged the vulnerability and said that the company was “investigating an incident where a hacker was able to drain cash from Mango through an oracle pricing manipulation.”

We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation.

We are taking steps to have third parties freeze funds in flight. 1/

— Mango (@mangomarkets) October 11, 2022

At the time of the press, the drained money was still on the Solana blockchain. In instances identical to this one, centralized exchanges like Coinbase, Binance, and Kraken have banned the offending addresses since they are the only entity with the liquidity to allow someone to cash out quantities of this magnitude.

Mango first said that it was “taking efforts to have third parties freeze cash in flight” and that it was “disabling deposits on the front end as a precaution” in its original announcement.

Users of the decentralized cryptocurrency exchange Mango, which is built on the Solana blockchain, have the option to engage in spot transactions and take out loans. According to statistics provided by CoinMarketCap, the value of the MNGO token issued by Mango has decreased by more than 43 percent in the previous twenty-four hours on the back of concerns that the platform may have been abused.

The breach on Tuesday was the second big assault on decentralized finance in less than a week. It came on the heels of a theft that occurred the previous week on Binance’s BNB blockchain that stole $80 million.