According to a report published by Certik, the Solana-based - Mango Markets trading platform was hacked for $117 million. The team tweeted about the issue at 7:36 p.m. (ET) on October 11. “We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation,” the Mango Market’s Twitter account detailed. “We are taking steps to have third parties freeze funds in flight. We will be disabling deposits on the front end as a precaution and will keep you updated as the situation evolves.”
Mango Markets hacked for $117 Million
Certik, a blockchain security, and auditing firm reported on the Mango Market hack, which they believe was carried out by a hacker using two accounts to manipulate the price of Mango’s native token (MNGO) and collateral asset. The team explained that the attacker used two addresses to manipulate the price of MNGO—Mango’s native token and collateral asset—from $0.038 to a peak of $0.91, which allowed them to borrow heavily against their $MNGO collateral (USDC), which they did so to the tune of approximately $117 million in value.
#CertiKSkynetAlert 🚨
— CertiK Alert (@CertiKAlert) October 12, 2022
On October 11, 2022 at 11:19 PM UTC, Mango Market was attacked for a total loss of roughly ~$116M.
The attacker was able to manipulate the price of the MNGO token and exploitatively borrowed more assets than what they were supposed to be able to.
🧵… pic.twitter.com/HSIUsPYyA4
Certik, a blockchain security and auditing firm, disclosed that it had been aware of the vulnerability in March of this year. “The thin liquidity on the MNGO/USDC market was used as the price reference for MNGO perpetual swap contracts,” Certik’s summary says. “With only a few million USDC at their disposal, an attacker was able to pump the price of MNGO by 2,394%. This exact attack vector was apparently raised in Mango’s Discord channel back in March of this year by one of our engineers,” their post-mortem concludes.
