How Market Manipulation Led to a $100M Exploit on Solana DeFi Exchange Mango

The trader capitalized on a lack of liquidity by manipulating the price of MNGO on decentralized exchange, Mango.

AccessTimeIconOct 12, 2022 at 10:11 a.m. UTC
Updated Oct 12, 2022 at 5:26 p.m. UTC

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.

A rogue crypto trader utilized millions of dollars to manipulate the prices of Mango’s MNGO tokens on the namesake decentralized exchange (DEX) to eventually drain over $116 million in liquidity from the platform.

The exchange allows users to trade spot and perpetual futures using its on-chain trading interface at low fees. Some $30 million worth of crypto was traded on the exchange in the past 24 hours, as per CoinGecko data.

The move stemmed amid ongoing drama surrounding a bad debt within the Solana DeFi ecosystem that involved the lending application Solend and Mango.

As reported earlier this morning, Mango and Solend teamed up earlier this year to put together funds to bailout a large Solana whale that had $207 million in debt spread across multiple lending platforms – in a move that was supposed to backstop potential losses across the Solana ecosystem if the whale’s position were to be liquidated.

How the exploit took place

Solana-based Mango, like other DEXs, relies on smart contracts to match trades between decentralized finance (DeFi) users. This is key to understanding how the exploit took place: Smart contracts are wholly decentralized and are not overseen by a centralized party – which means a rogue trader can deploy enough money to exploit loopholes in any protocol without the risk of anyone stepping in to stop the attack before it takes place.

Two accounts were used to conduct the attack. On account “A,” the trader initially used 5 million USD coin (USDC) to purchase 483 million MNGO and go short, or bet against, the asset. Then on account “B,” the trader used another 5 million USDC to buy the same amount of MNGO, using 10 million USDC in total to effectively hedge his position, data on Mango pointed out by Genesis head of derivatives Joshua Lim shows.

The trader then used more funds to buy up spot MNGO tokens, taking its price from just 2 cents to as much as 91 cents within a ten-minute span. This was possible as spot MNGO was a thinly-traded token with low liquidity, which allowed the rogue trader to manipulate prices quickly.

As spot MNGO prices increased, the trader’s account “B” quickly racked up some $420 million in unrealized profits. The attacker then took out over $116 million in liquidity from all tokens available on Mango, which effectively wiped out the protocol.

CoinDesk - Unknown

The entirety of liquidity on Mango was drained from all tokens offered to users on the platform. (Mango).

Spot MNGO prices soon corrected back to 2 cents, falling under the prices that the trader first used to purchase MNGO futures on account “A.” That account sits at over $6 million in profit at writing time – but there’s no liquidity left in the platform to pay the trader out.

All in all, the rogue trader used over 10 million USDC to take out over $116 million from Mango, paying minimal fees for conducting the attack and doing everything within the parameters of how the platform was designed. Mango wasn’t hacked, it worked exactly as intended, and a savvy trader, albeit with nefarious intentions, managed to wring token liquidity out.

It’s important to note that the above manipulative strategy won't work on two centralized exchanges, because a trader placing high bids on one venue would mean prices automatically move higher on that exchange and other exchanges immediately raise the price of assets on their own systems – meaning the strategy is unlikely to net any profits.

Meanwhile, Mango developers said Wednesday that Switchboard and Pyth pricing oracles updated the benchmark price of MNGO to above $0.15, in line with the price hike on FTX and Ascendex. Oracles are third-party tools that fetch data from outside a blockchain to within it.

"Neither oracle providers have any fault here. The oracle price reporting worked as it should have," Mango wrote on Twitter.

“The attacker pumped and dumped the mango token, which is a thinly traded token,” wrote Kanav Kariya, president at Jump Crypto, a crypto fund that has heavily backed Pyth, in a tweet.

“Oracles just report the price. Pyth/Switchboard accurately reported the prevailing prices on exchanges,” Kariya added. MNGO is down 40% in the past 24 hours.

CORRECTION (Oct. 12, 2022 14:14 UTC): Amends paragraph about pricing oracles. Adds tweet from Mango saying pricing oracles worked as they should have.

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.

CoinDesk - Unknown

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.