Solana-based decentralized finance (DeFi) change Mango Markets has been hit with a reported exploit of over $100 million by an attacker manipulating value oracle information, permitting them to take out under-collateralized cryptocurrency loans.
The exploit was first recognized by blockchain safety agency OtterSec, which tweeted the change had been drained of over $100 million as a result of attacker manipulating the worth of its MNGO native token collateral, then taking out “huge loans” from Mango’s treasury.
It seems the attacker was capable of manipulate their Mango collateral. They briefly spiked up their collateral worth, after which took out huge loans from the Mango treasury. pic.twitter.com/2IJrB9RcEJ
— OtterSec (@osec_io) October 11, 2022
The Mango Markets staff tweeted quickly after, warning customers to not deposit funds till “the state of affairs was extra clear” and asking the attacker to contact them to debate a bug bounty.
The staff later confirmed the manipulation of a value oracle — a value information feed of the worth of its MNGO token — and acknowledged that it had disabled deposits whereas it continued investigations of the incident.
We will probably be disabling deposits on the entrance finish as a precaution, and can maintain you up to date because the state of affairs evolves.
If in case you have any info, please contact blockworks@protonmail.com to debate a bounty for the return of funds. 2/
— Mango (@mangomarkets) October 11, 2022
As a result of information of the exploit, the worth of the platforms’ MNGO token has fallen by round 52% within the final 24 hours on the time of writing, according to information from CoinGecko.
Associated: TempleDAO exploit ends in $2M loss
The exploiter’s account on the platform shows the three largest withdrawals have been for $50 million value of USD Coin (USDC), over $26.7 million value of a Solana staking token known as Marinade Staked SOL (mSOL), and almost $24 million value of Solana’s SOL (SOL).
Over $14.7 million value of MNGO was withdrawn, and Mango mentioned it’s “taking steps to have third events freeze funds in flight.”
In the meantime, the QANplatform blockchain additionally suffered from an exploit of its personal on Oct. 11, with its Ethereum bridge drained of round $1.89 million value of its native QANX token, according to blockchain safety firm Beosin. QANplatform said it’s investigating the incident.