The Solana DeFi protocol was hacked on Oct. 11, which led to a $117 million loss of funds. As part of the “bug bounty” program, the hacker is seeking 70M USDC as a reward.
One day after $117million was taken from Solana DeFi platform Mango Markets using a price feed exploit, the hacker responsible for the attack demanded an agreement. The Mango Markets decentralized autonomous organisation (DAO), was the forum where the proposal was submitted.
The procedure, if approved, would see the hacker send stolen Mango Markets MNGO, Solana and Marinade Staked SOL token at an address provided to them by the Mango DAO group. Users with unpaid debt will be reimbursed. Hackers demand that bad debts be treated as insurance and a bug bounty. We will do this by using the community’s treasurey, which is worth 70 million USD Coins (USDC), or $70 million.
To make matters worse, the hacker voted in favor of the proposal by using millions upon millions of tokens he had stolen from the exploit.
It is unlikely to pass because it does not have enough votes. Those users who vote for the settlement must agree to pay the bounty and pay off the unpaid debt with Treasury. Users with delinquent debt accounts will also be exempt from any claims.
Unsurprisingly, reactions were overwhelmingly negative with only one user posting:
“You’re disgusting. You did everything wrong. It would have been more responsible to inform the team about the vulnerability and not exploit it. I wish you zero mercy from the law enforcement community.
Even though the incident was a disaster, it is possible that losses are lower than originally estimated. Solana stablecoin protocol UXD stated that it had $20 million total exposure in Mango Markets. Its insurance fund has more assets than $53.5 million and is sufficient to cover losses. At the time of publication, the vote on the hacker’s proposal is ongoing.