{"id":37423,"date":"2022-10-13T06:24:40","date_gmt":"2022-10-13T10:24:40","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=37423"},"modified":"2022-10-13T06:24:42","modified_gmt":"2022-10-13T10:24:42","slug":"hacker-steals-117-million-from-mango-markets","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/hacker-steals-117-million-from-mango-markets\/","title":{"rendered":"Hacker steals $117 million from Mango Markets"},"content":{"rendered":"\n<h5 class=\"wp-block-heading\">Mango Markets was the target of a significant attack in which the<a href=\"https:\/\/coinscreed.com\/staging\/mango-markets-receives-new-ultimatum-from-exploiter.html\" target=\"_blank\" rel=\"noreferrer noopener\"> hacker <\/a>allegedly stole a whopping $117 million from the Solana-based protocol.<\/h5>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/10\/hacker-1024x683.jpg\" alt=\"Hacker steals $117 million from Mango Markets\" class=\"wp-image-37427\" srcset=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/10\/hacker-1024x683.jpg 1024w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/10\/hacker-300x200.jpg 300w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/10\/hacker-768x512.jpg 768w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/10\/hacker-150x100.jpg 150w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/10\/hacker-750x500.jpg 750w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/10\/hacker-1140x760.jpg 1140w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/10\/hacker.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption>Hacker steals $117 million from Mango Markets<\/figcaption><\/figure>\n\n\n\n<p><a 
href=\"https:\/\/coinscreed.com\/staging\/solana-defi-exchange-mango-experience-market-manipulation.html\" target=\"_blank\" rel=\"noreferrer noopener\">Mango Markets<\/a>, which is based on Solana, was the victim of a $117 million breach on Tuesday. On October 11th, the team tweeted that they were investigating the hack and working to have the funds connected to the hacker frozen, informing users of the problem. Additionally, they stated that deposits would be frozen as a precaution.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cWe are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation. We are taking steps to have third parties freeze funds in flight. We will be disabling deposits on the front end as a precaution and will keep you updated as the situation evolves.\u201d<\/p><\/blockquote>\n\n\n\n<p>Only a week before the theft, someone attacked the<a href=\"https:\/\/www.google.com\/search?q=Hacker+steals+%24117+million+from+Mango+Markets&oq=Hacker+steals+%24117+million+from+Mango+Markets&aqs=chrome..69i57j0i30i546.927j0j9&sourceid=chrome&ie=UTF-8\" target=\"_blank\" rel=\"noreferrer noopener\"> BNB Chain<\/a> and stole $100 million from the protocol.<\/p>\n\n\n\n<p>The attacker was able to increase the value of their collateral before obtaining loans from the Mango treasury, according to the blockchain auditing website OtterSec.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cIt appears the attacker was able to manipulate their Mango collateral. They temporarily spiked up their collateral value and then took out massive loans from the Mango treasury.\u201d<\/p><\/blockquote>\n\n\n\n<p>OtterSec's founder, Robert Chen, claimed that an economic design error was to blame for the attack.
He continued by saying that Mango Markets was well aware of this risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-details-of-the-hack\">Details of the hack<\/h2>\n\n\n\n<p>In a thorough post-mortem of the Mango Markets hack, <a href=\"https:\/\/coinscreed.com\/staging\/fbi-warns-crypto-investors-against-vulnerabilities-amidst-security-issues.html\" target=\"_blank\" rel=\"noreferrer noopener\">blockchain security<\/a> and auditing company Certik explains how the hacker was able to use the MNGO token to carry out the hack.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cThe attacker used two addresses to manipulate the price of MNGO \u2013 Mango\u2019s native token and collateral asset \u2013 from $0.038 to a peak of $0.91. This allowed them to borrow heavily against their $MNGO collateral, which they did so to the tune of approximately $117 million, though this figure is fluctuating due to the prices of affected tokens reacting to the news.\u201d<\/p><\/blockquote>\n\n\n\n<p>Hacken, a blockchain security company, provided more information, noting that the hacker needed $5 million in USDC to launch the attack. The official Twitter account of Mango Markets verified this by tweeting that two accounts backed by USDC had opened long positions in MNGO-PERP. Mango noted that the price of MNGO\/USD increased 5x to 10x in a matter of minutes on a variety of platforms, including FTX. The Mango team further stated that the oracle pricing functioned as intended and that no oracle providers were at fault.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cWe want to clarify and mention here that neither oracle providers have any fault here.
The oracle price reporting worked as it should have.\u201d<\/p><\/blockquote>\n\n\n\n<p>The security and auditing company Certik disclosed that they had informed Mango of this issue as early as March 2022, when the subject came up in the Discord channel for the <a href=\"https:\/\/coinscreed.com\/staging\/benddao-lending-protocol-runs-out-of-eth-to-pay-lenders.html\" target=\"_blank\" rel=\"noreferrer noopener\">lending platform<\/a>.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cThe vulnerability here stemmed from the thin liquidity on the MNGO\/USDC market, which was used as the price reference for the MNGO perpetual swap. With only a few million USDC at their disposal, the attacker was able to pump the price of MNGO by 2,394%. This exact attack vector was apparently raised in Mango\u2019s Discord channel back in March of this year.\u201d<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Mango Markets was the target of a significant attack in which the hacker allegedly stole a whopping $117 million from the Solana-based protocol. Mango Markets, situated in Solana, was the victim of a $117 million breach on Tuesday.
On October 11th, the team tweeted that they were looking into the hack and suspending the cash [&hellip;]<\/p>\n","protected":false},"author":38,"featured_media":37427,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11476],"tags":[937,10732,275],"class_list":["post-37423","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks-and-scams","tag-hackers","tag-mango-markets","tag-solana"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/10\/hacker.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/37423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/38"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=37423"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/37423\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/37427"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=37423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=37423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=37423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}