In the second $100 million DeFi hack this week, Mango Markets was drained of $100 million in funds due to an exploit. Mango Markets tweeted Tuesday evening that a hacker was able to drain funds from Mango via oracle price manipulation.
Just last Thursday, $100 million was stolen from Binance Smart Chain, another DeFi protocol.
According to blockchain auditing website OtterSec, the attacker temporarily increased the value of their security and then took out loans from the Mango treasure.
Mango Markets is a Solana-based platform for trading digital assets on the Solana blockchain for spot margin and perpetual futures trading. Mango Markets is managed by Mango DAO.
“It’s an economic design flaw,” said OtterSec founder Robert Chen Decrypt via Telegram, adding that it is a risk that Mango Markets had already acknowledged.
“At 6:19pm ET, an attacker funded account A with 5mm USDC collateral,” tweeted Joshua Lim, former head of derivatives at Genesis Global Trading.
As Lim explained, the attacker then offered 483 million units of MNGO perps (perpetual contracts) on Mango Market’s order book. Then at 6:24 PM ET, the attacker funded another account with 5 million USDC collateral to buy the 483 million units of MNGO men at $0.03 per unit.
At 18:26 ET, the attacker began moving the Mango spot market price, increasing the price to $0.91 and the value of 483 million MNGO to $423 million.
The attacker then took out a loan of $116 million, leaving Mango’s treasury with a negative balance of -116.7 million. Assets drained include USDC, MSOL, SOL, BTC, USDT, SRM and MNGO, wiping out all of Mango’s liquidity.
In response, Mango Markets says it has disabled deposits and is taking steps to freeze third-party funds.
A Twitter user noted that the attacker was funded 5.5 million by FTX, prompting FTX CEO Sam Bankman-Fried to respond that the company is investigating.
Mango Markets has offered the attacker the chance to collect a bug bounty in exchange for returning the stolen funds.
Editor’s note: this article has been updated to note that Joshua Lim is no longer affiliated with Genesis Global Trading.
Stay up to date on crypto news, get daily updates in your inbox.
Stalker 2 hacked by Russia, developers say
Valorant 6.2, LOL 13.2 and other game updates delayed
What to do with unwanted email subscriptions to avoid being hacked
– Federal Google allows Indian users to choose default search engine on Android phones
The 9 Best Tools for Windows Power Users
How a magician-mathematician exposed a loophole in the casino
Anita Burges: Organization expert reveals how to pack a suitcase without wrinkling your clothes
How to watch Florida Gators vs. Mississippi State Bulldogs: Live stream information, TV channel, game time
How Bitcoin Gambling Works
How to know if you have been hacked and what to do next
![Alpine weight loss [Fake Exposed] Alpine South Africa](https://www.entrebastidors.info/wp-content/uploads/2023/01/IMAGE_1672911094-120x120.jpg "Alpine weight loss [Fake Exposed] Alpine South Africa")
