MNGO Oracle Gets Manipulated; $100 million drained from the protocol 

An alleged group of hackers got away with $100 million by exploiting the Mango markets protocol & recent evidence diverts attention to the probable identity of the hacker. 

Mango Markets, a Solana-based protocol, announced recently in a tweet that the Defi protocol has become a victim of a hack that supposedly drained funds from the protocol by manipulating the price of the oracle. 

MNGO Oracle Gets Manipulated 

As per OtterSec, a blockchain auditing website, the hacker funded an account with the USDC stablecoin. This was done by taking an outsized position in the Mango token perpetual futures market (MNGO-PERP). Consequently, the price of the token inflated from $0.3 to $0.91, while the price increased by 5 to 10 folds on several exchanges. And this was used as a reference for the MNGO-PERP price.

As a result, the Switchboard and Pyth oracles updated the MNGO benchmark price to over $0.15. Increasing the value of the account long on MNGO-PERP, and thus helping the account borrow and withdraw approximately $100m worth of BTC, USDT, SOL, MSOL and USDC.

Soon after the exploit was detected, the Mango protocol was frozen at 02:37 UTC on October 12- to safeguard the funds of other users from the sudden price increase. 

“As of now any Mango users with deposits on the protocol are not able to withdraw assets; This incident has effectively resulted in a total draining of all equity available,” Mango tweeted.

Hackers Demand Settlement 

After the incident took place, the hackers behind the attack demanded a settlement on the Mango DAO, displaying a willingness to negotiate on the matter. 

“I will send the MSOL, SOL, and MNGO in this account to an address announced by the mango team. The mango treasury will be used to cover any remaining bad debt in the protocol, and all users without bad debt will be made whole. Any bad debt will be viewed as a bug bounty/insurance, paid out of the mango insurance fund.” the proposal reads. 

The hackers (funnily enough) have used the stolen tokens to vote in their favour. They have asked users to vote in favour of the proposal and demanded to forgo any criminal investigations on the matter. 

The team looks forward to dealing with the attackers directly to resolve the issue, and this can be understood in the tweet that says “We believe the most constructive way to approach this is to continue communicating with those responsible for the incident and in control of the funds removed from the protocol to attempt to resolve the issues amicably.”

On-Chain Activity Raises Suspicion Over Attacker’s Identity

According to a report from an independent investigator Chris Brunet, a crypto trader by the name of Avraham Eisenberg was responsible for draining funds from Mango’s treasury. 

Eisenberg allegedly discussed exploiting the protocol on the Discord server about a week before the actual incident took place. The strategy discussed by Eisenberg was similar to the one that is evident in the Mango exploit. 

The idea of exploiting the protocol was introduced on October 5. This is when Eisenberg wrote in a message “I’m investigating a platform that could maybe lead to a 9-figure payday,” under the username Vires Creditor and Honest Person. Moreover, the attacker refused to publicize the attack vector.  Either way, the hacker wouldn’t get a large bounty due to the small size of the protocol’s treasury. 

Explaining the attack strategy as an act of arbitrage, Eisenberg described “You take a long position. And then you make [the price] go up. And then you withdraw all the protocol’s [total locked value].” He considered the attack to be a mere trade that takes advantage of the volatility of the asset’s price. 

Another Such Instance

He also mentioned exploiting the Ethereum lending protocol in a similar way. However, he suggested the exploit to be “more annoying than what I have in mind.” Because it would require a minimum of $10 million upfront to work. 

A few months back, Eisenberg provided the ENS name for one of his Ethereum addresses- ponzishorter.eth. It received $7,500,000 in USDC from Circle at 23:28:35 UTC, while the hacker’s wallet had sent $7,519,769,12 to Circle from Solana at 23:27:07 UTC. And these transactions happened within two minutes. 

The real identity of the hacker can be deduced by timing transactions closely. But any claims made so far are yet to be validated. 

Mango Market is a Solana-based decentralized exchange, while MNGO is the token of the platform. It has a current market cap of $25 million and ranks #511 on coinmarketcap.com. The token is currently trading at $0.02527. 

Read More:

• Defi Wallets
• Defi Prices
• How To Stake Crypto