On Tuesday, Solana-based DeFi trading platform Mango Markets was exploited for around $117 million. Mango Markets confirmed that the funds were drained from the platform via an oracle price manipulation.
According to blockchain auditor OtterSec, the attacker temporarily drove up the value of their Mango collateral and then took out massive loans against it.
Mango Markets said that they are currently investigating the incident and have disabled front-end deposits.
The protocol explained that two USDC-funded accounts took an outsized position in MNGO perps (perpetual contracts). As a result, MNGO prices on exchanges such as FTX and AscendEX shot up 5-10x within a few minutes.
Switchboard and Pyth oracles updated their MNGO benchmark price to $0.15+, increasing the mark-to-market value of the account that was long on MNGO-PERP. This allowed the account to borrow other crypto assets from the platform in excess of the fair amount.
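A simplified model of the valuation step described above, as an added example (not Mango Markets' code): it marks a long perp position at the spiked oracle price and compares the resulting borrow capacity with one computed from a price capped near the recent median. The position size, entry price, price history, collateral weight and 10% cap are constructed assumptions; only the $0.15 reading comes from the article.

```python
from statistics import median

def perp_equity(deposit, size, entry, mark):
    """Account equity: cash deposit plus unrealized PnL of a long perp position."""
    return deposit + size * (mark - entry)

def max_borrow(equity, collateral_weight=0.8):
    """Borrow capacity as a fraction of equity (the weight is a constructed parameter)."""
    return max(equity, 0.0) * collateral_weight

def guarded_price(spot, history, max_up=0.10):
    """Price used for collateral: the spot reading, capped at max_up above
    the median of recent oracle readings (hypothetical guard)."""
    return min(spot, median(history) * (1.0 + max_up))

def deviation_ratio(spot, history):
    """How far the latest reading sits from the recent median; useful as an alert signal."""
    return spot / median(history)

# Constructed sample data: recent oracle readings, then the spiked reading.
HISTORY = [0.029, 0.030, 0.030, 0.031, 0.030]
SPIKE = 0.15                      # "$0.15+" per the article
DEPOSIT = 5_000_000.0             # USDC, constructed
SIZE = 400_000_000.0              # MNGO-PERP units long, constructed
ENTRY = 0.03                      # entry price, constructed

def compare():
    """Return (borrow capacity at raw oracle price, borrow capacity at guarded price)."""
    naive = max_borrow(perp_equity(DEPOSIT, SIZE, ENTRY, SPIKE))
    capped = max_borrow(perp_equity(DEPOSIT, SIZE, ENTRY,
                                    guarded_price(SPIKE, HISTORY)))
    return naive, capped

if __name__ == "__main__":
    naive, capped = compare()
    print(f"deviation vs median: {deviation_ratio(SPIKE, HISTORY):.1f}x")
    print(f"borrow capacity, raw oracle price:     ${naive:,.0f}")
    print(f"borrow capacity, guarded oracle price: ${capped:,.0f}")
```

In this model the unrealized gain counted as collateral comes entirely from the short-lived price move, so capping the valuation price removes most of the inflated borrow capacity while leaving ordinary price changes untouched.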
Mango Markets confirmed that the net value drained was $100 million in USDC, MSOL, SOL, BTC, USDT, SRM, and MNGO.
“We believe the most constructive way to approach this is to continue communicating with those responsible for the incident and attempt to resolve the issues amicably,” tweeted Mango Markets.
The attacker has put forth a proposal titled “repay bad debt” on the Mango Markets DAO, demanding a $70 million bounty. The hacker would send back $50 million worth of hacked funds if Mango used the $70 million in the treasury to clear bad debts.
The attacker has also requested to be exempted from criminal charges.
“You’re disgusting. What you did is wrong in every way possible,” commented a user on the proposal.
Following the news, the MANGO token was down more than 40%, according to CoinMarketCap data.