Solana-Based Decentralized Finance Platform Mango Hit by $100 Million Exploit

Mango's MNGO token was down over 40% after suffering from the latest massive decentralized finance exploit.

AccessTimeIconOct 11, 2022 at 11:21 p.m. UTC
Updated Oct 12, 2022 at 5:24 p.m. UTC

Sam is a reporter at CoinDesk focused on decentralized technology, DeFi and DAOs. He owns ETH, BTC and MATIC.

Mango, a decentralized finance platform hosted on the Solana blockchain, has been exploited for over $100 million.

The exploit was initially reported on Twitter by blockchain auditors OtterSec, who say “the attacker was able to manipulate their Mango collateral.”

“The [MGNO] governance token was valued for far more than it should be,” OtterSec’s Robert Chen told CoinDesk. “With that, [the attacker] was able to take out large loans against it and then drain Mango's [liquidity] pools. It's like a lending-borrowing race: If you have overvalued collateral, you can then borrow against that collateral, and that's what they did.”

According to Chen, it remains unclear how, exactly, the attacker managed to inflate MNGO’s value in the eyes of the Mango protocol, though there are already several theories floating around on Twitter suggesting how the heist could’ve been pulled off.

Mango confirmed the exploit in a tweet on Tuesday, stating that it was "investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation."

The drained funds remained, at press time, on the Solana blockchain. In similar cases, centralized exchanges like Coinbase, Binance and Kraken – the only entities with enough liquidity for someone to cash out amounts this large – have blacklisted offending addresses.

In its initial statement, Mango said it was "taking steps to have third parties freeze funds in flight" and "disabling deposits on the front end as a precaution."

Mango is a decentralized crypto exchange on the Solana blockchain that offers users the ability to make spot trades and loans. Mango's MNGO token was down over 42% in value in the past 24 hours amid fears the platform may have been exploited, according to price data from CoinMarketCap.

CoinDesk has reached out to Mango for comment.

Tuesday's exploit was the second major decentralized finance attack in less than a week, coming hot on the heels of an $80 million hack last week of Binance’s BNB blockchain.

UPDATE (Oct. 11, 2022 23:30 UTC): Adds tweet from Mango.

UPDATE (Oct. 11, 2022 23:42 UTC): Adds MNGO price information.

UPDATE (Oct. 12, 2022 00:30 UTC): Adds quote from OtterSec's Robert Chen.

UPDATE (Oct. 12, 2022 00:50 UTC): Adds additional tweet from Mango.

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Sam is a reporter at CoinDesk focused on decentralized technology, DeFi and DAOs. He owns ETH, BTC and MATIC.

CoinDesk - Unknown

Sam is a reporter at CoinDesk focused on decentralized technology, DeFi and DAOs. He owns ETH, BTC and MATIC.