Mango Markets, a decentralized finance (DeFi) exchange based on the Solana blockchain has reportedly suffered a breach of over $100 million as a result of an attacker manipulating price data.
By manipulating the value of their Mango (MNGO) native token collateral and then taking out “large loans” from Mango Markets’ treasury, the attacker was able to drain the exchange of over $100 million, according to a tweet from blockchain security firm OtterSec.
Soon after, the Mango Markets team posted a tweet asking the attacker to get in touch with them to talk about a bug bounty and advising users not to deposit money until “the issue was more apparent.”
Later, the team acknowledged that a price oracle—a price data feed of the value of its MNGO token—had been manipulated and declared that it has disabled deposits while looking into the matter.
According to data from CoinGecko, the price of the platforms’ MNGO token has decreased by about 52% over the past 24 hours as a result of the news of the exploit.
According to the exploiters’ account on the network, the three biggest withdrawals totaled $50 million in USD Coin, over $26.7 million in Marinade Staked SOL (mSOL), a Solana staking token, and around $24 million in SOL.
Mango reported that it was withdrawing MNGO worth over $14.7 million and that it is “taking steps to have third parties freeze monies in flight.”
According to blockchain security firm Beosin, the QANplatform blockchain also experienced its own vulnerability on October 11 when its Ethereum bridge was drained of roughly $1.89 million worth of its native QANX coin. According to QANplatform, it is looking into the incident.
