There was a 100 million dollar loss for the BNB Chain less than a week before this hack. Mango Markets lost $100 million in DeFi funds this week as a result of an exploit.
Mango Markets tweeted Tuesday evening, claiming that a hacker had been able to drain funds from Mango through an Oracle price manipulation.
OtterSec reports that the attacker temporarily increased the value of the collateral and then borrowed money from the Mango Treasury.
Mango Markets, a Solana-based platform that trades digital assets on the Solana Blockchain for spot margin and trading perpetual options, is available. Mango DAO manages Mango Markets.
Robert Chen, founder of OtterSec, stated that “it’s an economic design flaw” and added that it was a risk Mango Markets had already recognized.
At 6:19 ET, an attacker funded Account A with 5mm USDC collateral,” Joshua Lim, Head of Derivatives, Genesis Global Trading tweeted.
Lim explained that the attacker offered 483 Million MNGO Perps (perpetual contract) to Mango Markets. At 6:24 AM ET, the attacker funded a second account with $5,000,000 USDC in order to purchase those 483 million MNGO perps at $0.03 per unit.
At 6:26 pm ET, the attacker moved the Mango spot price, driving it to $0.91 and the $423 million value of the 483,000,000 MNGO.
The attacker took out a $116million loan, leaving Mango’s Treasury with a negative balance at -116.7 million. USDC, MSOL and SOL were all taken, along with USDT, USDT, SRM and MNGO. This wiped out Mango’s liquidity.
Mango Markets responded by saying it had disabled deposits and that it is working to freeze third-party funds.
One Twitter user pointed out that the attacker was paid 5.5 million dollars by FTX. This prompted Sam Bankman-Fried, CEO of FTX to reply that they are investigating.
Mango Markets offered the attacker the opportunity to receive a bug bounty in return for the stolen funds.