Hacker managed to drain funds with help of oracle price manipulation
Solana-based decentralized finance protocol Mango has suffered a $100 million hack.
The incident was originally reported by blockchain auditor OtterSec, which were alerted by blockchain developer Tom Geshury. The attacker managed to pull off the hack by manipulating their Mango collateral.
They managed to take out massive loans from the Mango treasury by achieving a short-lived spike in the value of their collateral.
Mango said that it was investigating the incident in a tweet. The project is currently focused on attempting to freeze the stolen funds by cooperating with relevant third parties.
The protocol has so far disabled deposits on the front end. It also stated that it was open to offering bounties for the return of funds.
The Mango hack marked the second major DeFi incident in the span of a week after Binance’s BNB blockchain was drained of $80 million.
The hacker has spoken
The hacker has made a proposal to try and negotiate for a bounty. In their message, the hacker says the Mango treasury has about 70 million USDC available to repay bad debt. If this proposal passes, the hacker will send tokens to an address announced by the Mango team in order to cover any remaining debt. Mango holders will agree to pay off the bad debt and wave any claims against accounts with bad debt.
Under this proposal, the project is not supposed to pursue any criminal investigations or freezing of funds.