The Solana blockchain-based decentralized finance platform Mango has been hacked for more than $100 million.
Blockchain auditors OtterSec first posted about the attack on Twitter, claiming that “the attacker was able to manipulate their Mango collateral.”
OtterSec’s Robert Chen said that the Mango governance token was worth far higher than it ought to have been. “With that, [the attacker] was able to take out large loans against it and then drain Mango’s [liquidity] pools. It’s like a lending-borrowing race: If you have overvalued collateral, you can then borrow against that collateral, and that’s what they did.”
Although there are currently a number of suggestions flying around on Twitter proposing how the hack could’ve been carried out, as per Chen, it is still unknown exactly how the attacker was able to increase MNGO’s worth in the viewpoint of the Mango system.
In a tweet on Tuesday, Mango acknowledged the issue and said it was “investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation.”
The drained funds were still there on the Solana blockchain. Offending addresses have been blacklisted in identical circumstances by centralized exchanges like Coinbase, Binance, and Kraken, the only firms with the liquidity for an individual to cash out funds this high.
Mango initially stated that it was “disabling deposits on the front end as a precaution” and “taking steps to have third parties freeze funds in flight.”
On the Solana blockchain, Mango is a decentralized cryptocurrency exchange that lets users make loans and spot trades. According to pricing information from CoinMarketCap, Mango’s MNGO token has lost more than 42% of its value over the previous 24 hours due to concerns that the platform may have been manipulated.
Tuesday’s attack, which followed last week’s $80 million hack of Binance’s BNB blockchain, was the second significant decentralized financial attack in less than a week.