Solana-Based Decentralized Finance Platform Mango Hit by $100 Million Exploit

Mango's MNGO token was down over 40% after suffering from the latest massive decentralized finance exploit.

AccessTimeIconOct 11, 2022 at 11:21 p.m. UTC
Updated May 9, 2023 at 3:59 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Mango, a decentralized finance platform hosted on the Solana blockchain, has been exploited for over $100 million.

The exploit was initially reported on Twitter by blockchain auditors OtterSec, who say “the attacker was able to manipulate their Mango collateral.”

“The [MGNO] governance token was valued for far more than it should be,” OtterSec’s Robert Chen told CoinDesk. “With that, [the attacker] was able to take out large loans against it and then drain Mango's [liquidity] pools. It's like a lending-borrowing race: If you have overvalued collateral, you can then borrow against that collateral, and that's what they did.”

According to Chen, it remains unclear how, exactly, the attacker managed to inflate MNGO’s value in the eyes of the Mango protocol, though there are already several theories floating around on Twitter suggesting how the heist could’ve been pulled off.

Mango confirmed the exploit in a tweet on Tuesday, stating that it was "investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation."

The drained funds remained, at press time, on the Solana blockchain. In similar cases, centralized exchanges like Coinbase, Binance and Kraken – the only entities with enough liquidity for someone to cash out amounts this large – have blacklisted offending addresses.

In its initial statement, Mango said it was "taking steps to have third parties freeze funds in flight" and "disabling deposits on the front end as a precaution."

Mango is a decentralized crypto exchange on the Solana blockchain that offers users the ability to make spot trades and loans. Mango's MNGO token was down over 42% in value in the past 24 hours amid fears the platform may have been exploited, according to price data from CoinMarketCap.

CoinDesk has reached out to Mango for comment.

Tuesday's exploit was the second major decentralized finance attack in less than a week, coming hot on the heels of an $80 million hack last week of Binance’s BNB blockchain.

UPDATE (Oct. 11, 2022 23:30 UTC): Adds tweet from Mango.

UPDATE (Oct. 11, 2022 23:42 UTC): Adds MNGO price information.

UPDATE (Oct. 12, 2022 00:30 UTC): Adds quote from OtterSec's Robert Chen.

UPDATE (Oct. 12, 2022 00:50 UTC): Adds additional tweet from Mango.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Sam Kessler

Sam is CoinDesk's deputy managing editor for tech and protocols. He reports on decentralized technology, infrastructure and governance. He owns ETH and BTC.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.