UPDATED 19:25 EDT / OCTOBER 12 2022
by Duncan Riley
Solana-based trading platform Mango Markets has lost around $116 million in cryptocurrency after a hacker is believed to have undertaken a “flash loan” attack.
A flash loan attack is a decentralized finance attack where a cybercriminal takes out a flash loan — a noncollateralized loan from a lending protocol — and then manipulates the price of a crypto asset on one exchange to sell it quickly on another. Mango Markets, run by the Blockworks Foundation, offers a decentralized exchange for trading cryptocurrency, with trades executed on the Solana blockchain.
In the case of Mango Markets, the hacker used two accounts to artificially raise the price of Mango coin, the token used in trading on the platform. That allowed them to manipulate their collateral on the platform to obtain loans from Mango’s treasury.
The price was manipulated by the hacker taking out a futures position, an agreement to buy tokens at a future date and price, at an inflated price. According to Tech Monitor today, the price of MNGO shot up by around 1,000% in minutes, elevating the collateral value of the hacker’s account, which was then drawn upon, draining Mango Markets in the process.
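The effect described above, where a price spike of around 1,000% in minutes inflates the collateral a platform lends against, can be seen in a small simulation that compares marking collateral at the spot price with marking it at a rate-limited reference price. This is an added example, not code from Mango Markets or from the article; the price series, position size, collateral factor and the rate-limiting rule are all assumptions chosen for illustration.

```python
# Added illustration: every number below is constructed, not Mango Markets data.

def rate_limited_prices(spot_prices, max_step=0.02):
    """Reference price that follows spot but moves at most max_step (a fraction) per update."""
    ref = spot_prices[0]
    out = []
    for spot in spot_prices:
        lower, upper = ref * (1 - max_step), ref * (1 + max_step)
        ref = min(max(spot, lower), upper)  # clamp spot into the allowed band
        out.append(ref)
    return out

def collateral_price(spot, reference):
    """Conservative mark: value collateral at the lower of spot and reference."""
    return min(spot, reference)

def borrow_limit(position_units, price, collateral_factor=0.8):
    """Maximum loan value allowed against a position marked at `price`."""
    return position_units * price * collateral_factor

def simulate(spot_prices, position_units, max_step=0.02):
    """Return one (spot_marked_limit, guarded_limit) pair per price update."""
    refs = rate_limited_prices(spot_prices, max_step)
    return [
        (borrow_limit(position_units, spot),
         borrow_limit(position_units, collateral_price(spot, ref)))
        for spot, ref in zip(spot_prices, refs)
    ]

# Constructed per-minute price series: flat, then an 11x jump (about +1,000%).
SPOT = [0.030, 0.030, 0.031, 0.030, 0.090, 0.200, 0.330, 0.330]
UNITS = 100_000_000  # hypothetical position size, in tokens

if __name__ == "__main__":
    for minute, (naive, guarded) in enumerate(simulate(SPOT, UNITS)):
        print(f"t={minute}  spot-marked limit={naive:>12,.0f}  "
              f"guarded limit={guarded:>12,.0f}")
```

With spot marking, the borrow limit rises elevenfold along with the price; with the guarded mark it stays close to its pre-spike level, and a falling price still lowers it immediately.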
There is some dispute, however, as to whether this constitutes a flash loan attack, as OtterSec claims on Twitter that the scheme involved broader price manipulation.
At a high level,
1. This was not a flashloan attack
2. The attacker addresses were funded 5.5M via FTX
3. It appears the attacker manipulated prices across all exchanges, not just Solana oracles pic.twitter.com/mQnjCTvPZi
— OtterSec (@osec_io) October 12, 2022

At this point in an attack on a cryptocurrency exchange, several things typically happen, such as the exchange trying to contact those behind the theft to negotiate a settlement. But this wasn’t the case with Mango Markets, which is a decentralized exchange governed by a decentralized autonomous organization consisting of those holding MNGO. The hacker holds MNGO and voted for their own solution for returning the stolen funds.
The person claiming to be the hacker told the DAO that they are willing to return the stolen cryptocurrency if the community agrees to repay a bad debt from June that was used to save another Solana project called Solend.
On promising to return stolen funds to a designated address, the hacker demanded that “the Mango treasury will be used to cover any remaining bad debt in the protocol and all users without bad debt will be made whole.”
“By voting for this proposal, Mango token holders agree to pay this bounty and pay off the bad debt with the treasury, and waive any potential claims against accounts with bad debt and will not pursue any criminal investigations or freezing of funds once the tokens are sent back,” the hacker wrote.
Since the DAO is a democracy, the hacker cast 33 million votes in favor of the proposal, according to Decrypt, giving the proposal an approval rating of 99.9%. Voting is not yet closed, however, with a further 67 million yes votes required by Friday to make the result official.
The attack on Mango Markets is not the first in the DeFi industry. In April, a flash loan attack on Beanstalk Farms resulted in the theft of $182 million in cryptocurrency.